Update: This will ship to release in Firefox 102. See Bug 1766828 <https://bugzilla.mozilla.org/show_bug.cgi?id=1766828> for details
On Thu, 31 Mar 2022 at 18:13, Paul Zühlcke <[email protected]> wrote: > Summary: > Restrict opening external protocols from sandboxed iframes. In order to > open external protocols sandboxed BrowsingContexts need to have any of the > following sandbox flags: > > - > > allow-top-navigation-to-custom-protocols > - > > allow-popups > - > > allow-top-navigation > - > > allow-top-navigation-with-user-activation > > Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1735746 > > Specification: https://html.spec.whatwg.org/#hand-off-to-external-software > Discussion: https://github.com/whatwg/html/issues/2191 > > Platform coverage: all > > Preference: dom.block_external_protocol_navigation_from_sandbox > > Other browsers: > Blink: Intent to Ship > <https://groups.google.com/a/chromium.org/g/blink-dev/c/-t-f7I6VvOI>WebKit: > Patch > <https://github.com/WebKit/WebKit/commit/91bba6b31fd89aaec6e4e9ed5a44d9bb3c91c413> > > web-platform-tests: > Not currently covered by WPT. I’ve filed a bug for adding a test: > https://bugzilla.mozilla.org/show_bug.cgi?id=1762420 However, it is > unclear if it’s possible to test external protocols with the current test > wrapper. > > I'm planning to land a patch for Nightly in the coming days and later > enable it in Release if we don't run into major web compat issues. > > Please reach out if you have any questions or concerns about this change. > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CAPdF9uMKQQNKVL85tBXbAo2JGhsQL9Jc2EnU6sf%3Dw4mfjHCHqA%40mail.gmail.com.
