[wpt-sync] Sync PR 20250 - Prevent sandboxed frames from navigating to `javascript:`.
Categories
(Core :: DOM: Core & HTML, task, P4)
Tracking

| | Tracking | Status |
|---|---|---|
| firefox72 | --- | fixed |
People
(Reporter: mozilla.org, Unassigned)
Details
(Whiteboard: [wptsync downstream])
Sync web-platform-tests PR 20250 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/20250
Details from upstream follow.
Mike West <mkwst@chromium.org> wrote:
Prevent sandboxed frames from navigating to `javascript:`.

Frames with the `allow-popup` and `allow-popup-to-escape-sandbox` flags can cause JavaScript execution in their origin by navigating to a `javascript:` URL via `target=_blank` or similar. This is technically correct, but surprising.

https://github.com/whatwg/html/pull/5083 aims to tighten that check to match developers' expectations that `javascript:` URLs controlled by a page that's been sandboxed away from script will not execute.

Bug: 1014371
Change-Id: I3b5fa676e73cbf78485b85ce2593284bce2e68cc
Reviewed-on: https://chromium-review.googlesource.com/1916467
WPT-Export-Revision: 61f75fdd50914553f2f5b43af98f1330708aaec6
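
An audit for the flag combination described in the commit message above, as an added example that is not part of the bug, the WPT change, or any browser's code. The names `parseSandbox` and `auditSandbox` and the finding codes are hypothetical; the keywords are the HTML Standard's spellings (`allow-popups`, `allow-popups-to-escape-sandbox`), and the sample values are constructed.

```javascript
// Sandbox keywords defined by the HTML Standard; browsers ignore anything else.
const KNOWN_TOKENS = new Set([
  "allow-downloads", "allow-forms", "allow-modals", "allow-orientation-lock",
  "allow-pointer-lock", "allow-popups", "allow-popups-to-escape-sandbox",
  "allow-presentation", "allow-same-origin", "allow-scripts",
  "allow-top-navigation", "allow-top-navigation-by-user-activation",
  "allow-top-navigation-to-custom-protocols",
]);

// Parse a sandbox attribute value: split on ASCII whitespace and lowercase
// ASCII letters only, since keywords match ASCII case-insensitively.
// null/undefined means the attribute is absent, i.e. the frame is not sandboxed.
function parseSandbox(value) {
  if (value === null || value === undefined) return null;
  const parts = value.split(/[ \t\n\f\r]+/).filter(Boolean);
  return new Set(parts.map((t) => t.replace(/[A-Z]/g, (c) => c.toLowerCase())));
}

// Hypothetical audit helper: returns finding codes for one sandbox value.
function auditSandbox(value) {
  const tokens = parseSandbox(value);
  if (tokens === null) return []; // unsandboxed frames are out of scope here
  const findings = [];
  for (const t of tokens) {
    // A misspelled keyword grants nothing, so the frame is stricter than intended.
    if (!KNOWN_TOKENS.has(t)) findings.push(`unknown-token:${t}`);
  }
  // Script is blocked in the frame, yet it may open popups that leave the
  // sandbox: the case where a javascript: URL in a popup is "surprising".
  if (!tokens.has("allow-scripts") && tokens.has("allow-popups") &&
      tokens.has("allow-popups-to-escape-sandbox")) {
    findings.push("script-blocked-frame-with-escaping-popups");
  }
  return findings;
}

// Constructed sample attribute values.
const SAMPLES = [
  "",
  "allow-popups allow-popups-to-escape-sandbox",
  "allow-scripts allow-popups allow-popups-to-escape-sandbox",
  "allow-popup allow-popups-to-escape-sandbox",
];
for (const s of SAMPLES) console.log(JSON.stringify(s), "->", auditSandbox(s));
```

Frames flagged with `script-blocked-frame-with-escaping-popups` depend on the browser enforcing the tightened check from whatwg/html PR 5083.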
Comment 4 (bugherder) • 5 years ago
https://hg.mozilla.org/mozilla-central/rev/5379811f4fed
https://hg.mozilla.org/mozilla-central/rev/60d24475b40f