Open Bug 752563 Opened 13 years ago Updated 2 years ago

iframe sandbox worker tests need a test for cross-domain blob objects

Tracking

()

Status:

NEW

People

(Reporter: imelven, Unassigned)

References

Details

Ian Melven :imelven

Reporter

Description

•

13 years ago

when bug 722126 ""Can't transfer File objects with postMessage cross domain" is fixed, the iframe sandbox tests (see bug 341604) need an test added to make sure that a worker in a sandboxed iframe with 'allow-scripts' cannot be loaded from a blob URI that was not created by the sandboxed document itself (ie a blob that was created with a different principal than the sandboxed document that created the worker, this should not be allowed)

Ian Melven :imelven

Reporter

Updated

•

13 years ago

Depends on: 722126, framesandbox

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

iframe sandbox worker tests need a test for cross-domain blob objects

Categories

(Core :: Security, defect)

Tracking

()

People

(Reporter: imelven, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated