Closed Bug 907892 Opened 10 years ago Closed 10 years ago

Disallow setting document.domain in sandboxed iframes

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla26

People

(Reporter: bzbarsky, Assigned: bzbarsky)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Keywords: dev-doc-complete, site-compat)

Attachments

(1 file, 1 obsolete file)

With prettier urls
5.50 KB, patch
Details | Diff | Splinter Review 
mrbkap and bholley are for, no one is against.  If this sticks, we can assume that different-origin sandboxed iframes will remain different-origin forever and put them in separate processes/tasks/whatever.
Whiteboard: [need review]

        Attachment #793658 -
        Flags: review?(bugs)

    
    

    
  
Comment on attachment 793658 [details] [diff] [review]
Disallow setting document.domain in sandboxed iframes.

Spec bug filed?

Also, could you use ?sandboxed and ?normal or some such, and not ?1 and ?0

        Attachment #793658 -
        Flags: review?(bugs) → review+

    
    

    
  
(In reply to Olli Pettay [:smaug] from comment #2)
> Spec bug filed?
https://www.w3.org/Bugs/Public/show_bug.cgi?id=23040

    
    

    
  


  

    
  

        Attachment #793658 -
        Attachment is obsolete: true

    
    

    
  
https://hg.mozilla.org/integration/mozilla-inbound/rev/4579c96c94a3
Flags: in-testsuite+
Whiteboard: [need review]
Target Milestone: --- → mozilla26

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/4579c96c94a3
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED

    
  
Keywords: dev-doc-needed, 
          
            site-compat
OS: Mac OS X → All
Hardware: x86 → All

    
    

    
  
Spec updated accordingly.

    
  
Blocks: 961689

    
  
Depends on: 963093
Component: DOM → DOM: Core & HTML

          You need to log in
          before you can comment on or make changes to this bug.