New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 684011 link

Starred by 8 users

Issue metadata

Status: Fixed
Closed: Apr 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Launch-OWP
Launch-Accessibility: ----
Launch-Exp-Leadership: ----
Launch-Leadership: ----
Launch-Legal: ----
Launch-M-Approved: ----
Launch-M-Target: 60-Dev , 60-Beta , 60-Stable-Exp , 60-Stable
Launch-Privacy: ----
Launch-Security: ----
Launch-Test: ----
Launch-UI: ----
Rollout-Type: ----

Blocked on:
issue 594215

Sign in to add a comment

Remove: Top frame navigations to data URLs

Project Member Reported by, Jan 23 2017

Issue description

Change description:
We intend to block web pages from loading data:URLs in the top frame using <A> tags,, window.location and similar mechanisms.

Changes to API surface:
see above

Public standards discussion: 

Support in other browsers:
Internet Explorer: IE and Edge already block navigations to data URLs. 

*Make sure to fill in any labels with a -?, including all OSes this change
affects. Feel free to leave other labels at the defaults.


Comment 1 by, Jan 23 2017

Blockedon: 594215
Description: Show this description

Comment 3 by, Jan 25 2017

Summary: Remove: Content initiated top frame navigations to data URLs (was: Remove: Content initiated top frame navigations to data, blob and filesystem URLs)
Summary: Remove: Top frame navigations to data URLs (was: Remove: Content initiated top frame navigations to data URLs)
Current status:
* deprecated with console warning in M58.
* removal currently scheduled for M59.

Comment 7 by, Mar 23 2017

> * deprecated with console warning in M58.

Small correction: We merged the console warning to M57.
Labels: -Launch-M-Target-58-Dev -Launch-M-Target-58-Beta -Launch-M-Target-58-Stable-Exp -Launch-M-Target-58-Stable Launch-M-Target-59-Dev Launch-M-Target-59-Beta Launch-M-Target-59-Stable-Exp Launch-M-Target-59-Stable
@meacer any update on the removal? (or CL I can follow?) should we check back in with the I2R?
Labels: -M-58 M-59
CL is at We noted that we need to allow data URL to data URL navigations, so I'm working on that. How about we check back in next week?
yep! (wow big CL)
Labels: -M-59 -Launch-M-Target-59-Dev -Launch-M-Target-59-Beta -Launch-M-Target-59-Stable-Exp -Launch-M-Target-59-Stable M-60 Launch-M-Target-60-Dev Launch-M-Target-60-Beta Launch-M-Target-60-Stable-Exp Launch-M-Target-60-Stable
Status: Fixed (was: Assigned)
Update: change landed for the removal in M60 and will be rolling through channels.
ยังไม่เเน่ใจครับเพิ่งรับมาใช้ ยังไม่เน่ใจขอเวลาเพิ่มเติมก่อนนะครับ
 Issue 742702  has been merged into this issue.
This did break the Android Hybrid app which get re-directs from Java script ... It took us almost 2 months to figure out the problem as we never expected this change can break our app.
re-directs of the nature window.location were not honored by Web view clients second time onwards (?)..

We had to write a work around ot create temporary i/Frame and attach the re-direct to it and remove iFrame. Any better solution?


Sign in to add a comment