Bug 1469714 - Part 1: Add the allow-storage-access-by-user-activation iframe sandbox flag; r=baku
authorEhsan Akhgari <ehsan@mozilla.com>
Wed, 12 Sep 2018 19:19:55 -0400
changeset 436818 0bd20397d9b0b00a73cb7aa8081e5dcf7135f87a
parent 436817 61b1c8ba788952712328d0d4db5c088df4b024b9
child 436819 c5c95129eeb3d2a1da3345d660a6ea0547791ea3
push id34660
push userbtara@mozilla.com
push dateMon, 17 Sep 2018 21:58:52 +0000
treeherdermozilla-central@87a95e1b7ec6 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbaku
bugs1469714
milestone64.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1469714 - Part 1: Add the allow-storage-access-by-user-activation iframe sandbox flag; r=baku Differential Revision: https://phabricator.services.mozilla.com/D5810
dom/base/IframeSandboxKeywordList.h
dom/base/nsSandboxFlags.h
xpcom/ds/StaticAtoms.py
--- a/dom/base/IframeSandboxKeywordList.h
+++ b/dom/base/IframeSandboxKeywordList.h
@@ -20,8 +20,10 @@ SANDBOX_KEYWORD("allow-pointer-lock", al
 SANDBOX_KEYWORD("allow-orientation-lock", alloworientationlock,
 		SANDBOXED_ORIENTATION_LOCK)
 SANDBOX_KEYWORD("allow-popups", allowpopups, SANDBOXED_AUXILIARY_NAVIGATION)
 SANDBOX_KEYWORD("allow-modals", allowmodals, SANDBOXED_MODALS)
 SANDBOX_KEYWORD("allow-popups-to-escape-sandbox", allowpopupstoescapesandbox,
                 SANDBOX_PROPAGATES_TO_AUXILIARY_BROWSING_CONTEXTS)
 SANDBOX_KEYWORD("allow-presentation", allowpresentation,
                 SANDBOXED_PRESENTATION)
+SANDBOX_KEYWORD("allow-storage-access-by-user-activation",
+                allowstorageaccessbyuseractivatetion, SANDBOXED_STORAGE_ACCESS)
--- a/dom/base/nsSandboxFlags.h
+++ b/dom/base/nsSandboxFlags.h
@@ -107,10 +107,15 @@ const unsigned long SANDBOX_PROPAGATES_T
  */
 const unsigned long SANDBOXED_ORIENTATION_LOCK = 0x2000;
 
 /**
  * This flag disables the Presentation API.
  */
 const unsigned long SANDBOXED_PRESENTATION = 0x4000;
 
-const unsigned long SANDBOX_ALL_FLAGS = 0x7FFF;
+/**
+ * This flag disables access to the first-party storage area by user activation.
+ */
+const unsigned long SANDBOXED_STORAGE_ACCESS = 0x8000;
+
+const unsigned long SANDBOX_ALL_FLAGS = 0xFFFF;
 #endif
--- a/xpcom/ds/StaticAtoms.py
+++ b/xpcom/ds/StaticAtoms.py
@@ -69,16 +69,18 @@ STATIC_ATOMS = [
     Atom("allowfullscreen", "allowfullscreen"),
     Atom("allowmodals", "allow-modals"),
     Atom("alloworientationlock", "allow-orientation-lock"),
     Atom("allowpaymentrequest", "allowpaymentrequest"),
     Atom("allowpointerlock", "allow-pointer-lock"),
     Atom("allowpopupstoescapesandbox", "allow-popups-to-escape-sandbox"),
     Atom("allowpopups", "allow-popups"),
     Atom("allowpresentation", "allow-presentation"),
+    Atom("allowstorageaccessbyuseractivatetion",
+         "allow-storage-access-by-user-activation"),
     Atom("allowsameorigin", "allow-same-origin"),
     Atom("allowscripts", "allow-scripts"),
     Atom("allowscriptstoclose", "allowscriptstoclose"),
     Atom("allowtopnavigation", "allow-top-navigation"),
     Atom("allowuntrusted", "allowuntrusted"),
     Atom("alt", "alt"),
     Atom("alternate", "alternate"),
     Atom("always", "always"),