turn off iframe features ala browserid sandbox

RESOLVED FIXED

Status

()

Firefox
SocialAPI
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: mixedpuppy, Unassigned)

Tracking

unspecified
x86
Mac OS X
Points:
---
Bug Flags:
in-testsuite ?

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

5 years ago
the browserid sandbox turns off a number of iframe features, such as plugins, we need to copy those few lines of code.
(Reporter)

Comment 1

5 years ago
pushed https://github.com/mozilla/socialapi-dev/commit/29ec7846c75b20bcab35ed6ccf74699fe271c022
(Reporter)

Updated

5 years ago
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
(Reporter)

Comment 2

5 years ago
this caused bustage on windows and was reverted.  After a quick chat with MattN, and looking at the actual latest code being used, this was removed from the identity sandboxing as well.
(Reporter)

Updated

5 years ago
Blocks: 733414
the final code that landed in bug 762569 did this, fwiw.
This was marked as resolved/fixed, so just want to clarify for myself and the sake of this bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=762569#c25

My understanding is that the frameworker implementation patch does this. I looked in github, I think the code you're referring to is in FW.JSM
 
379:    // Disable some types of content
380:     webNav.allowAuth = false;
381:    webNav.allowPlugins = false;
382:    webNav.allowImages = false;
383:    webNav.allowWindowControl = false;
384:    // TODO: disable media (bug 759964) 

Can you confirm? thx.
FrameWorker is in mozilla-central now, the code is here:
http://hg.mozilla.org/mozilla-central/annotate/afbb478ed7a1/toolkit/components/social/FrameWorker.jsm#l224

We should expand the test suite coverage for these cases.
Flags: in-testsuite?
(I also filed bug 771809 on sharing code here)
You need to log in before you can comment on or make changes to this bug.