Closed Bug 1596382 Opened 5 years ago Closed 5 years ago

[wpt-sync] Sync PR 20250 - Prevent sandboxed frames from navigating to `javascript:`.

Categories

(Core :: DOM: Core & HTML, task, P4)

Product:
Core
Component:
DOM: Core & HTML
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla72
Tracking Flags:
Tracking Status
firefox72 --- fixed

People

(Reporter: mozilla.org, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 20250 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/20250
Details from upstream follow.

Mike West <mkwst@chromium.org> wrote:

Prevent sandboxed frames from navigating to javascript:.

Frames with the allow-popup and allow-popup-to-escape-sandbox flags
can cause JavaScript execution in their origin by navigating to a
javascript: URL via target=_blank or similar. This is technically
correct, but surprising.

https://github.com/whatwg/html/pull/5083 aims to tighten that check to
match developers' expectations that javascript: URLs controlled by a
page that's been sandboxed away from script will not execute.

Bug: 1014371
Change-Id: I3b5fa676e73cbf78485b85ce2593284bce2e68cc
Reviewed-on: https://chromium-review.googlesource.com/1916467
WPT-Export-Revision: 61f75fdd50914553f2f5b43af98f1330708aaec6

Component: web-platform-tests → DOM: Core & HTML
Product: Testing → Core
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/5379811f4fed [wpt PR 20250] - Prevent sandboxed frames from navigating to `javascript:`., a=testonly https://hg.mozilla.org/integration/autoland/rev/60d24475b40f [wpt PR 20250] - Update wpt metadata, a=testonly
Test result changes from PR not available.

https://hg.mozilla.org/mozilla-central/rev/5379811f4fed
https://hg.mozilla.org/mozilla-central/rev/60d24475b40f

Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox72: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla72
You need to log in before you can comment on or make changes to this bug.