Closed
Bug 1634262
Opened 5 years ago
Closed 4 years ago
Refuse nested `Document.execCommand()` calls by default in release builds
Categories
(Core :: DOM: Core & HTML, enhancement, P3)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
82 Branch
Tracking | Status | |
---|---|---|
firefox82 | --- | fixed |
People
(Reporter: masayuki, Assigned: masayuki)
References
Details
(Keywords: dev-doc-needed, parity-chrome, site-compat)
Attachments
(1 file)
(deleted),
text/x-phabricator-request
|
Details |
Currently, we don't have any regression reports for bug 1611374, and we should change it in release channel as soon as possible, but unfortunately, we shouldn't do this kind of changes under COVID-19 situation.
Assignee | ||
Updated•5 years ago
|
Updated•5 years ago
|
Keywords: site-compat
Updated•5 years ago
|
Severity: -- → S3
Comment 1•4 years ago
|
||
We've reviewed this with the Web Compatibility team and think it is a low risk to remove this from Firefox Release at this point.
Assignee | ||
Comment 2•4 years ago
|
||
It's disabled in the Nightly channel and early beta half a year ago, but there
are no regression reports and Chrome has already disabled it since 2014.
So, let's disable this feature on the Release channel (and late Beta) too
for better security and making simpler implementation in the future.
Depends on D87990
Pushed by masayuki@d-toybox.com:
https://hg.mozilla.org/integration/autoland/rev/f725948fa93a
Disallow recursive `Document.execCommand()` calls r=smaug
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/25245 for changes under testing/web-platform/tests
Comment 5•4 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox82:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 82 Branch
Upstream PR merged by moz-wptsync-bot
Updated•4 years ago
|
Keywords: dev-doc-needed
You need to log in
before you can comment on or make changes to this bug.
Description
•