Just to get some idea how many tests would be broken: https://treeherder.mozilla.org/#/jobs?repo=try&revision=28735d0f2e5516c5a6d1f7805a065a6edbd8f28b
On 09/13/2016 03:31 PM, Frederik Braun wrote:
Firefox treats iframes pointing to a data URL as same-origin. This is all well-known, was part of the HTML spec and has been discussed before [1,2] What has changed now is the HTML spec text[3]: Given that EdgeHTML, Webkit and Blink violated this requirement, the standard now turned around and assigns them a unique opaque origin. I'll gladly accept the fact that we are not the violator, given the security implications [1]. The GitHub related issue[4] included a discussion with some of our DOM folks, but did not come to a conclusion as to what we plan to do here. Is back compat the main concern? I'd be happy to add a telemetry probe and a devtools warning if someone is willing to point me in the right direction. Thanks, Freddy [1] https://bugzilla.mozilla.org/show_bug.cgi?id=255107 [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1018872 [3] https://github.com/whatwg/html/commit/00769464e80149368672b894b50881134da4602f [4] https://github.com/whatwg/html/issues/1753
_______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
