Open Bug 752563 Opened 8 years ago Updated 8 years ago

iframe sandbox worker tests need a test for cross-domain blob objects

Categories

(Core :: Security, defect)

defect
Not set

Tracking

()

People

(Reporter: imelven, Unassigned)

References

Details

when bug 722126 ""Can't transfer File objects with postMessage cross domain" is fixed, the iframe sandbox tests (see bug 341604) need an test added to make sure 
that a worker in a sandboxed iframe with 'allow-scripts' cannot be loaded
from a blob URI that was not created by the sandboxed document itself (ie a blob that was created with a different principal than the sandboxed document that created the worker, this should not be allowed)
Depends on: 722126, framesandbox
You need to log in before you can comment on or make changes to this bug.