Closed
Bug 847261
Opened 12 years ago
Closed 12 years ago
iframe sandbox attribute allows top-level browsing context to be changed
Categories
(Core :: General, defect)
RESOLVED DUPLICATE of bug 785310
People
(Reporter: jtd, Unassigned)
With the sandbox attribute set on an iframe, Gecko allows top.location.replace to change the location of the top frame. This shouldn't be allowed without "allow-top-navigation" explicitly enabled.

http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#attr-iframe-sandbox

Steps to reproduce:
1. Open URL
2. Wait three seconds

Expected result: iframe should remain red (Chrome behavior)

Result: top-level context changes to apple.com
Updated•12 years ago
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
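
Added example, not part of the original bug report and not Gecko code: a small model of the sandbox rule the report relies on, used to audit markup for iframes whose script may navigate the top-level browsing context. The token names come from the HTML Standard; the function names and the sample markup are assumptions made for illustration.

```javascript
// Sandbox tokens are split on ASCII whitespace and compared case-insensitively.
const ASCII_WS = /[\t\n\f\r ]+/;

// Returns null when the attribute is absent (frame is not sandboxed),
// otherwise the set of lowercase tokens (empty set = fully sandboxed).
function parseSandbox(value) {
  if (value === null || value === undefined) return null;
  return new Set(value.split(ASCII_WS).filter(Boolean).map(t => t.toLowerCase()));
}

// What a compliant browser should do when script inside the frame
// calls top.location.replace(...), given the frame's sandbox value.
function topNavigationVerdict(value) {
  const tokens = parseSandbox(value);
  if (tokens === null) return "allowed: not sandboxed";
  if (!tokens.has("allow-scripts")) return "blocked: scripts disabled";
  if (tokens.has("allow-top-navigation")) return "allowed: allow-top-navigation";
  if (tokens.has("allow-top-navigation-by-user-activation"))
    return "conditional: needs user activation";
  return "blocked: top navigation sandboxed";
}

// Hypothetical audit helper. The regex scan is enough for the constructed
// sample below; use a real HTML parser for untrusted or complex markup.
function auditIframes(html) {
  const findings = [];
  for (const m of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const attr = /\ssandbox(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?(?=[\s>\/]|$)/i.exec(m[0]);
    const value = attr ? (attr[1] ?? attr[2] ?? attr[3] ?? "") : null;
    findings.push({ tag: m[0], verdict: topNavigationVerdict(value) });
  }
  return findings;
}

// Constructed sample markup (not the test case from the bug).
const SAMPLE = `
<iframe src="a.html"></iframe>
<iframe src="b.html" sandbox></iframe>
<iframe src="c.html" sandbox="allow-scripts"></iframe>
<iframe src="d.html" sandbox="allow-scripts ALLOW-TOP-NAVIGATION"></iframe>
`;

for (const f of auditIframes(SAMPLE)) console.log(f.verdict.padEnd(36), f.tag);
```

The third frame is the configuration the report's expected result describes: script runs, but the top-level context must stay where it is.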