Open Bug 1419501 Opened 7 years ago Updated 2 years ago

consider requiring user interaction for cross-origin iframe window.top.location navigation

Tracking

()

Status:

NEW

People

(Reporter: bkelly, Unassigned)

References

(
URL
)

Details

Ben Kelly [:bkelly, not reviewing]

Reporter

Description

•

7 years ago

We should consider requiring user interaction before allowing a cross-origin iframe to navigate the top window. For example, to prevent stuff like this: https://twitter.com/NateTheFinch/status/933030604844740609 Chrome has been running an intervention to experiment with this and are shipping some kind of mitigation in chrome 64: https://github.com/WICG/interventions/issues/16 If they are successful in shipping that, it might be nice to follow suit.

Hsin-Yi Tsai (she/her) [:hsinyi]

Updated

•

7 years ago

Priority: -- → P3

:Gijs (he/him)

Updated

•

6 years ago

See Also: → https://bugzilla.mozilla.org/show_bug.cgi?id=1433267

Nobody; OK to take it and work on it

Assignee

Updated

•

6 years ago

Component: DOM → DOM: Core & HTML

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

Edgar Chen [:edgar]

Updated

•

2 years ago

URL: https://github.com/whatwg/html/issues...

Daniel Veditz [:dveditz]

Updated

•

2 years ago

Duplicate of this bug: 1814879

You need to log in before you can comment on or make changes to this bug.

Bugzilla

consider requiring user interaction for cross-origin iframe window.top.location navigation

Categories

(Core :: DOM: Core & HTML, enhancement, P3)

Tracking

()

People

(Reporter: bkelly, Unassigned)

References

(
URL
)

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated

Updated

Updated