Closed Bug 764215 Opened 11 years ago Closed 10 years ago
turn off iframe features ala browserid sandbox
the browserid sandbox turns off a number of iframe features, such as plugins, we need to copy those few lines of code.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
this caused bustage on windows and was reverted. After a quick chat with MattN, and looking at the actual latest code being used, this was removed from the identity sandboxing as well.
the final code that landed in bug 762569 did this, fwiw.
This was marked as resolved/fixed, so just want to clarify for myself and the sake of this bug: https://bugzilla.mozilla.org/show_bug.cgi?id=762569#c25 My understanding is that the frameworker implementation patch does this. I looked in github, I think the code you're referring to is in FW.JSM 379: // Disable some types of content 380: webNav.allowAuth = false; 381: webNav.allowPlugins = false; 382: webNav.allowImages = false; 383: webNav.allowWindowControl = false; 384: // TODO: disable media (bug 759964) Can you confirm? thx.
FrameWorker is in mozilla-central now, the code is here: http://hg.mozilla.org/mozilla-central/annotate/afbb478ed7a1/toolkit/components/social/FrameWorker.jsm#l224 We should expand the test suite coverage for these cases.
(I also filed bug 771809 on sharing code here)
You need to log in before you can comment on or make changes to this bug.