Summary: Prevent cross-origin iframes from navigating the top-level browsing context unless specific legitimacy conditions are met. This intervention will enhance user security and improve web compatibility.
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1419501.
Specification: None so far. Improving the specification will be part of this work. Issue: https://github.com/whatwg/html/issues/8013.
Standards Body: WHATWG.
Platform Coverage: All.
Preference: dom.security.framebusting_intervention
DevTools Bug: Not required. Our patch will add logging to the console.
Link to standards-positions discussion: N/A.
Other browsers:
Blink: Shipped in M68 (https://chromestatus.com/feature/5851021045661696).
WebKit: Shipped in Safari 13 (https://bugs.webkit.org/show_bug.cgi?id=193076).
Web Platform Tests: None so far. Will be added as part of the main bug.