Closed
Bug 769771
Opened 12 years ago
Closed 12 years ago
add ability to opt-in to content docshell for html:iframes inserted into chrome documents
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla16
People
(Reporter: Gavin, Assigned: Gavin)
References
Details
(Keywords: dev-doc-needed)
Attachments
(1 file)
|
(deleted),
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
The social functionality in bug 762569 and the identity sandbox in bug 762993 both want to insert iframes into the hidden window to run script in a hidden sandbox. We want this to run in a type=content docShell, but we can't create a xul:iframe (which supports being marked type="content") because on Win/Linux the hidden window is unprivileged. So we need to make it possible to mark html:iframes as type="content".
|
Assignee | |
Comment 1•12 years ago
|
||
This takes the approach of adding a "mozframetype" attribute, used for non-XUL containers.
|
|
Assignee | |
Updated•12 years ago
|
Attachment #637996 -
Flags: review? → review?(bzbarsky)
|
||
Comment 2•12 years ago
|
||
Comment on attachment 637996 [details] [diff] [review]
patch+test
r=me
Attachment #637996 -
Flags: review?(bzbarsky) → review+
|
|
Assignee | |
Comment 3•12 years ago
|
||
Target Milestone: --- → mozilla16
|
|
Assignee | |
Comment 4•12 years ago
|
||
dev-doc-needed: HTML iframes in chrome documents can now specify the mozframetype="content" attribute to opt-in to having a content docShell, which creates a chrome<->content boundary. This is equivalent to the type="content" attribute that already existed on xul:iframes.
Keywords: dev-doc-needed
|
||
Comment 5•12 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
||
Comment 6•12 years ago
|
||
Wouldn't it have been safer to make HTML iframes default to type "content", and require the use of mozframetype to make them explicitly privileged?
|
|
||
Comment 7•12 years ago
|
||
Yes, that's what the checked-in patch does. The bug summary just doesn't match what actually happened. Lemme fix that. ;)
Summary: add ability to opt-in to content docshell for html:iframes inserted into chrome documents → add ability to opt-in to chrome docshell for html:iframes inserted into chrome documents
|
|
||
Comment 8•12 years ago
|
||
Er, I lie.
So yes, it would have been safer. But it would have broken any existing consumers (e.g. extensions) that are assuming that <html:iframe> is always chrome. If we'd been willing to break those, we would have just made @type work as the opt-in instead of adding the new attribute....
Summary: add ability to opt-in to chrome docshell for html:iframes inserted into chrome documents → add ability to opt-in to content docshell for html:iframes inserted into chrome documents
dveditz, I fought and lost this battle before too ;).
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•