Open
Bug 1195831
Opened 9 years ago
Updated 2 years ago
sandboxed iframe allows unpreventable top navigation via backspace key
Categories
(Core :: DOM: UI Events & Focus Handling, defect)
Tracking
()
NEW
People
(Reporter: jason, Unassigned)
References
Details
Attachments
(1 file)
477 bytes,
text/html
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0 Build ID: 20150807085045 Steps to reproduce: 1. Create a page with a sandboxed <iframe> that uses a keydown event handler to preventDefault() on Backspace (to prevent accidental Back navigation) 2. Navigate to the page from Step 1 3. Click inside the sandboxed <iframe> 4. Hit the Backspace key Actual results: Back navigation!, even though top-level navigation should be disallowed due to sandbox attribute. And top-level document's onkeydown event was not raised, making the top-level navigation unpreventable. Since the iframe is sandboxed, I can't add script in the iframe's document to detect Backspace key unless I use sandbox="allow-scripts". Expected results: If Backspace key inside an <iframe> can perform top-level Back navigation, then that key event should be observable (and preventable) within the context of the top-level window (and/or be observable on the <iframe> element itself).
Same behavior in IE and Chrome as well. Chromium bug report: https://code.google.com/p/chromium/issues/detail?id=522120
Comment 2•9 years ago
|
||
Related: bug 1041377
Updated•9 years ago
|
Component: Untriaged → Keyboard Navigation
Product: Core → Firefox
Updated•8 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee | ||
Updated•5 years ago
|
Component: Keyboard: Navigation → User events and focus handling
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•