Closed Bug 907892 Opened 6 years ago Closed 6 years ago

Disallow setting document.domain in sandboxed iframes

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla26

People

(Reporter: bzbarsky, Assigned: bzbarsky)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Keywords: dev-doc-complete, site-compat)

Attachments

(1 file, 1 obsolete file)

mrbkap and bholley are for, no one is against.  If this sticks, we can assume that different-origin sandboxed iframes will remain different-origin forever and put them in separate processes/tasks/whatever.
Whiteboard: [need review]
Comment on attachment 793658 [details] [diff] [review]
Disallow setting document.domain in sandboxed iframes.

Spec bug filed?

Also, could you use ?sandboxed and ?normal or some such, and not ?1 and ?0
Attachment #793658 - Flags: review?(bugs) → review+
(In reply to Olli Pettay [:smaug] from comment #2)
> Spec bug filed?
https://www.w3.org/Bugs/Public/show_bug.cgi?id=23040
Attachment #793658 - Attachment is obsolete: true
https://hg.mozilla.org/integration/mozilla-inbound/rev/4579c96c94a3
Flags: in-testsuite+
Whiteboard: [need review]
Target Milestone: --- → mozilla26
https://hg.mozilla.org/mozilla-central/rev/4579c96c94a3
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
OS: Mac OS X → All
Hardware: x86 → All
Spec updated accordingly.
Blocks: 961689
Depends on: 963093
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.