the browserid sandbox turns off a number of iframe features, such as plugins, we need to copy those few lines of code.
this caused bustage on windows and was reverted. After a quick chat with MattN, and looking at the actual latest code being used, this was removed from the identity sandboxing as well.
the final code that landed in bug 762569 did this, fwiw.
This was marked as resolved/fixed, so just want to clarify for myself and the sake of this bug: https://bugzilla.mozilla.org/show_bug.cgi?id=762569#c25 My understanding is that the frameworker implementation patch does this. I looked in github, I think the code you're referring to is in FW.JSM 379: // Disable some types of content 380: webNav.allowAuth = false; 381: webNav.allowPlugins = false; 382: webNav.allowImages = false; 383: webNav.allowWindowControl = false; 384: // TODO: disable media (bug 759964) Can you confirm? thx.
FrameWorker is in mozilla-central now, the code is here: http://hg.mozilla.org/mozilla-central/annotate/afbb478ed7a1/toolkit/components/social/FrameWorker.jsm#l224 We should expand the test suite coverage for these cases.
(I also filed bug 771809 on sharing code here)