Open
Bug 873300
Opened 12 years ago
Updated 3 years ago
Loading about:home in a sandboxed iframe can cause a security error
Categories
(Firefox :: General, defect)
Tracking
()
NEW
People
(Reporter: jruderman, Unassigned)
References
Details
(Keywords: testcase, Whiteboard: [about-home])
Attachments
(1 file)
|
437 bytes,
text/html
|
Details |
JavaScript error: chrome://browser/content/abouthome/aboutHome.js, line 202: SecurityError: The operation is insecure.
Maybe about:home JS should try-catch anything that relies on having an origin?
|
Reporter | |
Comment 1•12 years ago
|
||
Not sure if bug 789348 will help or just shift the error to another line.
|
||
Comment 2•12 years ago
|
||
well, let's add a dependency for now...
Is the blocked bug something I should be able to read, or unimportant?
Depends on: 789348
Whiteboard: [about-home]
|
|
Reporter | |
Comment 3•12 years ago
|
||
The blocked bug is a fuzzer metabug.
|
||
Comment 4•12 years ago
|
||
What operation is insecure?
In any case, we don't really need to support loading about:home in subframes (or websites causing it to load at all, really). We could probably just remove its URI_SAFE_FOR_UNTRUSTED_CONTENT.
|
|
Reporter | |
Comment 5•12 years ago
|
||
> What operation is insecure?
Maybe that's just Firefox's error message when an <iframe sandbox> without allow-same-origin tries to do something that requires same-origin?
|
||
Comment 6•11 years ago
|
||
about:home seems to load fine inside the IFRAME in the attachment now.
The bigger question is: should it? I think we should disable this as a precaution..
|
||
Updated•3 years ago
|
Severity: minor → S4
You need to log in
before you can comment on or make changes to this bug.
Description
•