Comment 201 for bug 1022741

(In reply to Olli Pettay [:smaug] from comment #198)
> Comment on attachment 634584
> iframe sandbox v18
>
> >+
> >+ // Set up the actual sandboxing for plugins as specified.
> >+ if (sandboxFlags & SANDBOXED_PLUGINS) {
> >+ mDocShell->SetAllowPlugins(false);
> >+ }
> >+ }
> >+ }
> So it is never possible to enable plugins if they are once disabled for an
> iframe?

as discussed on IRC, if the sandbox attribute is removed from the iframe, plugins should be re-enabled for the next document loaded - reading back through the comments, i realized i tested the other case (adding a sandbox attribute and reloading blocks plugins) but not this case. I'll fix this case and see if I can add a test to the mochitests for it as well.

> >
> >+ // If this document is sandboxed without 'allow-scripts', abort.
> >+ if (mDocument->SandboxFlags() & SANDBOXED_SCRIPTS) {
> >+ // REVIEW : this probably isn't the right error..
> >+ return NS_ERROR_DOM_SECURITY_ERR;
> >+ }
> Do we want to return error at all? Would NS_OK work - just don't execute or
> load the script?

The closest piece of the spec I can find says :

"If scripting is disabled for browsing context passed to this algorithm, then abort these steps, as if the script did nothing but return void."

which implies to me there should not be an error. It's probably a good idea for me to check what the other browsers do in this case as well.