Closed Bug 907892 Opened 11 years ago Closed 11 years ago

Disallow setting document.domain in sandboxed iframes

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla26

People

(Reporter: bzbarsky, Assigned: bzbarsky)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Keywords: dev-doc-complete, site-compat)

Attachments

(1 file, 1 obsolete file)

Disallow setting document.domain in sandboxed iframes. 11 years ago Boris Zbarsky [:bzbarsky] 5.47 KB, patch	smaug : review+	Details \| Diff \| Splinter Review
With prettier urls 11 years ago Boris Zbarsky [:bzbarsky] 5.50 KB, patch		Details \| Diff \| Splinter Review

Boris Zbarsky [:bzbarsky]

Assignee

Description

•

11 years ago

mrbkap and bholley are for, no one is against.  If this sticks, we can assume that different-origin sandboxed iframes will remain different-origin forever and put them in separate processes/tasks/whatever.

Boris Zbarsky [:bzbarsky]

Assignee

Updated

•

11 years ago

Whiteboard: [need review]

Boris Zbarsky [:bzbarsky]

Assignee

Comment 1

•

11 years ago

Attached patch Disallow setting document.domain in sandboxed iframes. (obsolete) — Details — Splinter Review

Attachment #793658 - Flags: review?(bugs)

Olli Pettay [:smaug][bugs@pettay.fi]

Comment 2

•

11 years ago

Comment on attachment 793658 [details] [diff] [review]
Disallow setting document.domain in sandboxed iframes.

Spec bug filed?

Also, could you use ?sandboxed and ?normal or some such, and not ?1 and ?0

Attachment #793658 - Flags: review?(bugs) → review+

David Bruant

Comment 3

•

11 years ago

(In reply to Olli Pettay [:smaug] from comment #2)
> Spec bug filed?
https://www.w3.org/Bugs/Public/show_bug.cgi?id=23040

Boris Zbarsky [:bzbarsky]

Assignee

Comment 4

•

11 years ago

Attached patch With prettier urls — Details — Splinter Review

Boris Zbarsky [:bzbarsky]

Assignee

Updated

•

11 years ago

Attachment #793658 - Attachment is obsolete: true

Boris Zbarsky [:bzbarsky]

Assignee

Comment 5

•

11 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/4579c96c94a3

Flags: in-testsuite+

Whiteboard: [need review]

Target Milestone: --- → mozilla26

Ryan VanderMeulen [:RyanVM]

Comment 6

•

11 years ago

https://hg.mozilla.org/mozilla-central/rev/4579c96c94a3

Status: NEW → RESOLVED

Closed: 11 years ago

Resolution: --- → FIXED

Kohei Yoshino [:kohei]

Updated

•

11 years ago

Keywords: dev-doc-needed, site-compat

OS: Mac OS X → All

Hardware: x86 → All

Kohei Yoshino [:kohei]

Comment 7

•

11 years ago

https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/26/Site_Compatibility

Keywords: dev-doc-needed → dev-doc-complete

Hixie (not reading bugmail)

Comment 8

•

11 years ago

Spec updated accordingly.

David Bruant

Updated

•

10 years ago

Blocks: 961689

David Bruant

Updated

•

10 years ago

Depends on: 963093

Nobody; OK to take it and work on it

Updated

•

5 years ago

Component: DOM → DOM: Core & HTML

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Disallow setting document.domain in sandboxed iframes

Categories

(Core :: DOM: Core & HTML, defect)

Tracking

()

People

(Reporter: bzbarsky, Assigned: bzbarsky)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Keywords: dev-doc-complete, site-compat)

Crash Data

Security

(public)

User Story

Attachments

(1 file, 1 obsolete file)

Description

Updated

Comment 1

Comment 2

Comment 3

Comment 4

Updated

Comment 5

Comment 6

Updated

Comment 7

Comment 8

Updated

Updated

Updated

Attachment

General

Description

File Name

Content Type