Open Bug 752563 Opened 12 years ago Updated 2 years ago

iframe sandbox worker tests need a test for cross-domain blob objects

Categories

(Core :: Security, defect)

defect

Tracking

()

People

(Reporter: imelven, Unassigned)

References

Details

when bug 722126 ""Can't transfer File objects with postMessage cross domain" is fixed, the iframe sandbox tests (see bug 341604) need an test added to make sure 
that a worker in a sandboxed iframe with 'allow-scripts' cannot be loaded
from a blob URI that was not created by the sandboxed document itself (ie a blob that was created with a different principal than the sandboxed document that created the worker, this should not be allowed)
Depends on: 722126, framesandbox
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.