Disable data URLs in top-level navigation #2424

jumde · 2020-03-24T19:30:06Z

Data URLs should not be allowed in top-level navigation

Actual result:
Should not navigate to a data URL

Expected result:
Navigates to a data URL

Reproduces how often: [Easily reproduced, Intermittent Issue]
Easily

jumde · 2020-03-24T19:46:45Z

jumde · 2020-03-24T20:06:18Z

We'll be using the same exceptions specified in the blog.

iccub · 2020-03-30T17:14:40Z

Bumping to 1.16 for now since this requires more work and thought, if we will be able to fit it into 1.15.1 I will change the milestone back

garvankeeley · 2020-03-31T21:54:44Z

jumde added the security label Mar 24, 2020

Brandon-T linked a pull request Mar 24, 2020 that will close this issue

Fix #2424: Disabling Synthetic clicks on WebPages #2419

Open

7 tasks

diracdeltas mentioned this issue Mar 24, 2020

Disabling Synthetic Clicks on Web Pages #2422

Closed

iccub linked a pull request Mar 25, 2020 that will close this issue

Fix #2424: Disabling Synthetic clicks on WebPages #2419

Open

7 tasks

iccub added this to the 1.15.1 milestone Mar 26, 2020

iccub added enhancement Epic: Security QA/Yes release-notes/exclude labels Mar 26, 2020

iccub assigned Brandon-T Mar 26, 2020

iccub modified the milestones: 1.15.1, 1.16 Mar 30, 2020

jhreis added this to To do in Master List via automation Apr 10, 2020

jhreis removed this from the 1.16 milestone Apr 22, 2020

diracdeltas added the priority/P3 The next thing for us to work on. label Oct 27, 2020

Provide feedback