Summary: Limit cross-origin iframes from navigating the top-level browsing context unless specific legitimacy conditions are met. This intervention will enhance user security and improve web compatibility.
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1419501. Specification: None so far. Improving the specification will be part of this work. Issue: https://github.com/whatwg/html/issues/8013. Standards Body: WHATWG. Platform Coverage: All. Preference: dom.security.framebusting_intervention DevTools Bug: Not required. Our patch will add logging to the console. Link to standards-positions discussion: N/A. Other browsers: - Blink: Shipped in M68 (https://chromestatus.com/feature/5851021045661696 ). - WebKit: Shipped in Safari 13 ( https://bugs.webkit.org/show_bug.cgi?id=193076). Web Platform Tests: None so far. Will be added as part of the main bug. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CADHo6JCPuqYtE1MUw%3DaB52vPD1_4sa3TyEOuD%2BLVpfJXEycq1w%40mail.gmail.com.
