Last Comment Bug 764215 - turn off iframe features ala browserid sandbox
: turn off iframe features ala browserid sandbox
Status: RESOLVED FIXED
:
Product: Firefox
Classification: Client Software
Component: SocialAPI (show other bugs)
: unspecified
: x86 Mac OS X
: -- normal (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
:
Mentors:
Depends on:
Blocks: 733414
  Show dependency treegraph
 
Reported: 2012-06-12 16:52 PDT by Shane Caraveo (:mixedpuppy) [on leave 5/16-7/16]
Modified: 2012-07-07 10:43 PDT (History)
2 users (show)
gavin.sharp: in‑testsuite?
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description Shane Caraveo (:mixedpuppy) [on leave 5/16-7/16] 2012-06-12 16:52:44 PDT
the browserid sandbox turns off a number of iframe features, such as plugins, we need to copy those few lines of code.
Comment 1 Shane Caraveo (:mixedpuppy) [on leave 5/16-7/16] 2012-06-14 15:19:48 PDT
pushed https://github.com/mozilla/socialapi-dev/commit/29ec7846c75b20bcab35ed6ccf74699fe271c022
Comment 2 Shane Caraveo (:mixedpuppy) [on leave 5/16-7/16] 2012-06-18 16:22:58 PDT
this caused bustage on windows and was reverted.  After a quick chat with MattN, and looking at the actual latest code being used, this was removed from the identity sandboxing as well.
Comment 3 :Gavin Sharp [email: gavin@gavinsharp.com] 2012-07-03 14:10:22 PDT
the final code that landed in bug 762569 did this, fwiw.
Comment 4 Adam Muntner [:adamm] (use NEEDINFO) 2012-07-05 14:16:23 PDT
This was marked as resolved/fixed, so just want to clarify for myself and the sake of this bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=762569#c25

My understanding is that the frameworker implementation patch does this. I looked in github, I think the code you're referring to is in FW.JSM
 
379:    // Disable some types of content
380:     webNav.allowAuth = false;
381:    webNav.allowPlugins = false;
382:    webNav.allowImages = false;
383:    webNav.allowWindowControl = false;
384:    // TODO: disable media (bug 759964) 

Can you confirm? thx.
Comment 5 :Gavin Sharp [email: gavin@gavinsharp.com] 2012-07-07 10:32:05 PDT
FrameWorker is in mozilla-central now, the code is here:
http://hg.mozilla.org/mozilla-central/annotate/afbb478ed7a1/toolkit/components/social/FrameWorker.jsm#l224

We should expand the test suite coverage for these cases.
Comment 6 :Gavin Sharp [email: gavin@gavinsharp.com] 2012-07-07 10:43:22 PDT
(I also filed bug 771809 on sharing code here)

Note You need to log in before you can comment on or make changes to this bug.