Closed
Bug 907892
Opened 11 years ago
Closed 11 years ago
Disallow setting document.domain in sandboxed iframes
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla26
People
(Reporter: bzbarsky, Assigned: bzbarsky)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
(Keywords: dev-doc-complete, site-compat)
Attachments
(1 file, 1 obsolete file)
|
5.50 KB,
patch
|
Details | Diff | Splinter Review |
mrbkap and bholley are for, no one is against. If this sticks, we can assume that different-origin sandboxed iframes will remain different-origin forever and put them in separate processes/tasks/whatever.
|
Assignee | |
Updated•11 years ago
|
Whiteboard: [need review]
|
|
Assignee | |
Comment 1•11 years ago
|
||
Attachment #793658 -
Flags: review?(bugs)
|
||
Comment 2•11 years ago
|
||
Comment on attachment 793658 [details] [diff] [review]
Disallow setting document.domain in sandboxed iframes.
Spec bug filed?
Also, could you use ?sandboxed and ?normal or some such, and not ?1 and ?0
Attachment #793658 -
Flags: review?(bugs) → review+
|
||
Comment 3•11 years ago
|
||
(In reply to Olli Pettay [:smaug] from comment #2)
> Spec bug filed?
https://www.w3.org/Bugs/Public/show_bug.cgi?id=23040
|
|
Assignee | |
Comment 4•11 years ago
|
||
|
|
Assignee | |
Updated•11 years ago
|
Attachment #793658 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 5•11 years ago
|
||
Flags: in-testsuite+
Whiteboard: [need review]
Target Milestone: --- → mozilla26
|
||
Comment 6•11 years ago
|
||
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
|
||
Updated•11 years ago
|
|
|
||
Comment 7•11 years ago
|
||
Keywords: dev-doc-needed → dev-doc-complete
|
||
Comment 8•11 years ago
|
||
Spec updated accordingly.
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•