content script is not executed in an iframe when the sandbox attribute is set
Categories
(WebExtensions :: Compatibility, defect)
Tracking
(Not tracked)
People
(Reporter: gildas.lormeau, Unassigned)
Details
Attachments
(1 file)
|
(deleted),
application/x-zip-compressed
|
Details |
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0
Steps to reproduce:
The file extension.zip is a web extension containing a content script. This content script logs the location address of the displayed page and is injected in all frames.
The file pages.zip contains a HTML page that has an iframe with the sandbox attribute set. The src of the iframe is https://www.example.com.
1 - Unzip extension.zip and install the web extension manually in Firefox
2 - Unzip pages.zip anywhere
3 - Open the index.html file from pages.zip into a new tab in Firefox
4 - Open the developer tools and select the console tab
Actual results:
The console displays:
file:///[... path to the index.html file ...]/index.html
In Chrome, the console displays as expected:
file:///[... path to the index.html file ...]/index.html
https://www.example.com/
Expected results:
The console in Firefox should have displayed:
file:///[... path to the index.html file ...]/index.html
https://www.example.com/
|
Reporter | |
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
||
Comment 2•5 years ago
|
||
This bug also prevents uBO from injecting cosmetic filters/scriptlets on iframe with sandbox attribute -- https://github.com/uBlockOrigin/uBlock-issues/issues/963
Description
•