Closed Bug 916939 Opened 12 years ago Closed 12 years ago

Drop support for named and indexed access on cross-origin windows

Tracking

()

Status:

RESOLVED WONTFIX

Milestone:

mozilla27

People

(Reporter: bholley, Assigned: bholley)

References

Details

Attachments

(1 file)

Drop support for named and indexed access on cross-origin windows. v1 12 years ago Bobby Holley (:bholley) 14.53 KB, patch	bzbarsky : review+	Details \| Diff \| Splinter Review

Bobby Holley (:bholley)

Assignee

Description

•

12 years ago

The web currently allows this, and I recently filed [1] to get the spec updated here. But after discussing it, Boris and I think it's a major problem for security and for the general future of the web (especially for the kind of sandboxing everyone wants to move toward). As such, we're going to experiment with removing it. See [2]. [1] https://www.w3.org/Bugs/Public/show_bug.cgi?id=21674 [2] https://www.w3.org/Bugs/Public/show_bug.cgi?id=23218#c3

Bobby Holley (:bholley)

Assignee

Updated

•

12 years ago

Component: DOM → XPConnect

Bobby Holley (:bholley)

Assignee

Comment 1

•

12 years ago

Updated

•

12 years ago

Depends on: 916983

Bobby Holley (:bholley)

Assignee

Comment 2

•

12 years ago

https://tbpl.mozilla.org/?tree=Try&rev=b3786df83924

Bobby Holley (:bholley)

Assignee

Updated

•

12 years ago

Blocks: 916945

Bobby Holley (:bholley)

Assignee

Comment 3

•

12 years ago

https://tbpl.mozilla.org/?tree=Try&rev=5ed182201e41

Bobby Holley (:bholley)

Assignee

Comment 4

•

12 years ago

https://tbpl.mozilla.org/?tree=Try&rev=992375b718da

Bobby Holley (:bholley)

Assignee

Comment 5

•

12 years ago

Attached patch Drop support for named and indexed access on cross-origin windows. v1 — Details — Splinter Review

This is now green.

Attachment #806287 - Flags: review?(bzbarsky)

Bobby Holley (:bholley)

Assignee

Comment 6

•

12 years ago

Let's make sure there are no disable-if-linux64 tests that rely on this: https://tbpl.mozilla.org/?tree=Try&rev=87154b32287f

Boris Zbarsky [:bzbarsky]

Comment 7

•

12 years ago

Comment on attachment 806287 [details] [diff] [review] Drop support for named and indexed access on cross-origin windows. v1 r=me. Fingers crossed!

Attachment #806287 - Flags: review?(bzbarsky) → review+

Bobby Holley (:bholley)

Assignee

Comment 8

•

12 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/86128d3eac88

Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)

Comment 9

•

12 years ago

https://hg.mozilla.org/mozilla-central/rev/86128d3eac88

Status: NEW → RESOLVED

Closed: 12 years ago

Resolution: --- → FIXED

Target Milestone: --- → mozilla27

Bobby Holley (:bholley)

Assignee

Updated

•

12 years ago

No longer depends on: 916983

Bobby Holley (:bholley)

Assignee

Updated

•

12 years ago

Depends on: 916983

Bobby Holley (:bholley)

Assignee

Updated

•

12 years ago

No longer blocks: 916945

Alice0775 White

Updated

•

12 years ago

Depends on: 918539

Armin Ronacher

Comment 10

•

12 years ago

Just for the record: this patch just broke Google Hangouts. See Bug 918539.

Bobby Holley (:bholley)

Assignee

Comment 11

•

12 years ago

(In reply to Armin Ronacher from comment #10) > Just for the record: this patch just broke Google Hangouts. See Bug 918539. Yeah, that doesn't bode well for this patch. I'm going to back it out and declare defeat on this one.

Bobby Holley (:bholley)

Assignee

Comment 12

•

12 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/db5f948bbb13

Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)

Comment 13

•

12 years ago

https://hg.mozilla.org/mozilla-central/rev/db5f948bbb13

Bobby Holley (:bholley)

Assignee

Updated

•

12 years ago

Resolution: FIXED → WONTFIX

You need to log in before you can comment on or make changes to this bug.