Closed
Bug 916939
Opened 11 years ago
Closed 11 years ago
Drop support for named and indexed access on cross-origin windows
Categories
(Core :: XPConnect, defect)
Tracking
()
RESOLVED
WONTFIX
mozilla27
People
(Reporter: bholley, Assigned: bholley)
References
Details
Attachments
(1 file)
14.53 KB,
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
The web currently allows this, and I recently filed [1] to get the spec updated here. But after discussing it, Boris and I think it's a major problem for security and for the general future of the web (especially for the kind of sandboxing everyone wants to move toward). As such, we're going to experiment with removing it. See [2]. [1] https://www.w3.org/Bugs/Public/show_bug.cgi?id=21674 [2] https://www.w3.org/Bugs/Public/show_bug.cgi?id=23218#c3
Assignee | ||
Updated•11 years ago
|
Component: DOM → XPConnect
Assignee | ||
Comment 1•11 years ago
|
||
See also bug 916945.
Assignee | ||
Comment 2•11 years ago
|
||
https://tbpl.mozilla.org/?tree=Try&rev=b3786df83924
Assignee | ||
Comment 3•11 years ago
|
||
https://tbpl.mozilla.org/?tree=Try&rev=5ed182201e41
Assignee | ||
Comment 4•11 years ago
|
||
https://tbpl.mozilla.org/?tree=Try&rev=992375b718da
Assignee | ||
Comment 6•11 years ago
|
||
Let's make sure there are no disable-if-linux64 tests that rely on this: https://tbpl.mozilla.org/?tree=Try&rev=87154b32287f
Comment 7•11 years ago
|
||
Comment on attachment 806287 [details] [diff] [review] Drop support for named and indexed access on cross-origin windows. v1 r=me. Fingers crossed!
Attachment #806287 -
Flags: review?(bzbarsky) → review+
Assignee | ||
Comment 8•11 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/86128d3eac88
https://hg.mozilla.org/mozilla-central/rev/86128d3eac88
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla27
Comment 10•11 years ago
|
||
Just for the record: this patch just broke Google Hangouts. See Bug 918539.
Assignee | ||
Comment 11•11 years ago
|
||
(In reply to Armin Ronacher from comment #10) > Just for the record: this patch just broke Google Hangouts. See Bug 918539. Yeah, that doesn't bode well for this patch. I'm going to back it out and declare defeat on this one.
Assignee | ||
Comment 12•11 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/db5f948bbb13
Assignee | ||
Updated•11 years ago
|
Resolution: FIXED → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•