Closed Bug 907892 Opened 6 years ago Closed 6 years ago
Disallow setting document
.domain in sandboxed iframes
mrbkap and bholley are for, no one is against. If this sticks, we can assume that different-origin sandboxed iframes will remain different-origin forever and put them in separate processes/tasks/whatever.
Comment on attachment 793658 [details] [diff] [review] Disallow setting document.domain in sandboxed iframes. Spec bug filed? Also, could you use ?sandboxed and ?normal or some such, and not ?1 and ?0
Attachment #793658 - Flags: review?(bugs) → review+
(In reply to Olli Pettay [:smaug] from comment #2) > Spec bug filed? https://www.w3.org/Bugs/Public/show_bug.cgi?id=23040
Attachment #793658 - Attachment is obsolete: true
Whiteboard: [need review]
Target Milestone: --- → mozilla26
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
6 years ago
Spec updated accordingly.
You need to log in before you can comment on or make changes to this bug.