Last Comment Bug 764215 - turn off iframe features ala browserid sandbox
: turn off iframe features ala browserid sandbox
Product: Firefox
Classification: Client Software
Component: SocialAPI (show other bugs)
: unspecified
: x86 Mac OS X
-- normal (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
: Shane Caraveo (:mixedpuppy)
Depends on:
Blocks: 733414
  Show dependency treegraph
Reported: 2012-06-12 16:52 PDT by Shane Caraveo (:mixedpuppy)
Modified: 2012-07-07 10:43 PDT (History)
2 users (show) in‑testsuite?
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Description User image Shane Caraveo (:mixedpuppy) 2012-06-12 16:52:44 PDT
the browserid sandbox turns off a number of iframe features, such as plugins, we need to copy those few lines of code.
Comment 2 User image Shane Caraveo (:mixedpuppy) 2012-06-18 16:22:58 PDT
this caused bustage on windows and was reverted.  After a quick chat with MattN, and looking at the actual latest code being used, this was removed from the identity sandboxing as well.
Comment 3 User image :Gavin Sharp [email:] 2012-07-03 14:10:22 PDT
the final code that landed in bug 762569 did this, fwiw.
Comment 4 User image Adam Muntner [:adamm] (use NEEDINFO) 2012-07-05 14:16:23 PDT
This was marked as resolved/fixed, so just want to clarify for myself and the sake of this bug:

My understanding is that the frameworker implementation patch does this. I looked in github, I think the code you're referring to is in FW.JSM
379:    // Disable some types of content
380:     webNav.allowAuth = false;
381:    webNav.allowPlugins = false;
382:    webNav.allowImages = false;
383:    webNav.allowWindowControl = false;
384:    // TODO: disable media (bug 759964) 

Can you confirm? thx.
Comment 5 User image :Gavin Sharp [email:] 2012-07-07 10:32:05 PDT
FrameWorker is in mozilla-central now, the code is here:

We should expand the test suite coverage for these cases.
Comment 6 User image :Gavin Sharp [email:] 2012-07-07 10:43:22 PDT
(I also filed bug 771809 on sharing code here)

Note You need to log in before you can comment on or make changes to this bug.