Closed
Bug 907892
Opened 10 years ago
Closed 10 years ago
Disallow setting document.domain in sandboxed iframes
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla26
People
(Reporter: bzbarsky, Assigned: bzbarsky)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
(Keywords: dev-doc-complete, site-compat)
Attachments
(1 file, 1 obsolete file)
5.50 KB,
patch
|
Details | Diff | Splinter Review |
mrbkap and bholley are for, no one is against. If this sticks, we can assume that different-origin sandboxed iframes will remain different-origin forever and put them in separate processes/tasks/whatever.
![]() |
Assignee | |
Updated•10 years ago
|
Whiteboard: [need review]
![]() |
Assignee | |
Comment 1•10 years ago
|
||
Attachment #793658 -
Flags: review?(bugs)
Comment 2•10 years ago
|
||
Comment on attachment 793658 [details] [diff] [review] Disallow setting document.domain in sandboxed iframes. Spec bug filed? Also, could you use ?sandboxed and ?normal or some such, and not ?1 and ?0
Attachment #793658 -
Flags: review?(bugs) → review+
Comment 3•10 years ago
|
||
(In reply to Olli Pettay [:smaug] from comment #2) > Spec bug filed? https://www.w3.org/Bugs/Public/show_bug.cgi?id=23040
![]() |
Assignee | |
Comment 4•10 years ago
|
||
![]() |
Assignee | |
Updated•10 years ago
|
Attachment #793658 -
Attachment is obsolete: true
![]() |
Assignee | |
Comment 5•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/4579c96c94a3
Flags: in-testsuite+
Whiteboard: [need review]
Target Milestone: --- → mozilla26
Comment 6•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/4579c96c94a3
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Updated•10 years ago
|
Comment 7•10 years ago
|
||
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/26/Site_Compatibility
Keywords: dev-doc-needed → dev-doc-complete
Comment 8•10 years ago
|
||
Spec updated accordingly.
Updated•4 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•