Open Bug 1600310 Opened 5 years ago Updated 2 years ago

Write CSP frame-ancestor test for about:blank

Tracking

()

Status:

NEW

People

(Reporter: ckerschb, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1])

Christoph Kerschbaumer [:ckerschb]

Reporter

Description

•

5 years ago

The test setup should be like that

Top-level page hosts a CSP with "frame-ancestors 'none'
Top-level page dynamically loads an iframe of about:blank and starts writing into it
since about: pages inherit the CSP we should ensure the frame is not blocked and we can actually write into it.

FWIW, the problem occured within Bug 1600174 and we were surprised there was no test for this scenario.

Christoph Kerschbaumer [:ckerschb]

Reporter

Updated

•

5 years ago

Blocks: csp-w3c-3

See Also: → https://bugzilla.mozilla.org/show_bug.cgi?id=1600174

Christoph Kerschbaumer [:ckerschb]

Reporter

Updated

•

5 years ago

Priority: -- → P3

Whiteboard: [domsecurity-backlog1]

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Write CSP frame-ancestor test for about:blank

Categories

(Core :: DOM: Security, task, P3)

Tracking

()

People

(Reporter: ckerschb, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1])

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated