Closed Bug 916939 Opened 7 years ago Closed 7 years ago
Drop support for named and indexed access on cross-origin windows
The web currently allows this, and I recently filed https://www.w3.org/Bugs/Public/show_bug.cgi?id=21674 to get the spec updated here. But after discussing it, Boris and I think it's a major problem for security and for the general future of the web (especially for the kind of sandboxing everyone wants to move toward). As such, we're going to experiment with removing it. See https://www.w3.org/Bugs/Public/show_bug.cgi?id=23218#c3.
See also bug 916945.
This is now green.
Attachment #806287 - Flags: review?(bzbarsky)
Let's make sure there are no disable-if-linux64 tests that rely on this: https://tbpl.mozilla.org/?tree=Try&rev=87154b32287f
Comment on attachment 806287
Drop support for named and indexed access on cross-origin windows. v1
r=me. Fingers crossed!
Attachment #806287 - Flags: review?(bzbarsky) → review+
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla27
Just for the record: this patch just broke Google Hangouts. See Bug 918539.
(In reply to Armin Ronacher from comment #10)
> Just for the record: this patch just broke Google Hangouts. See Bug 918539.
Yeah, that doesn't bode well for this patch. I'm going to back it out and declare defeat on this one.