nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity
fune/toolkit/components/url-classifier/docs/flash-block-lists.rst
Kirk Steuber bae89898aa Bug 1345611 - Change behavior of subdocument Flash blocking to be Third-Party Flash blocking r=bsmedberg,qdot 
The previous implementation regarding to the Flash Blocking Subdocument list blocked all subdocuments that matched the list. This patch changes that so that subdocuments are only blocked if they are on the Subdocument Block List and also are loaded in a Third-Party context.

The changes to cert8.db and key3.db add the https certificate for subdocument.example.com so that testing can verify that a scheme mismatch between the document and its parent results in a third-party classification.

MozReview-Commit-ID: IXnA4iPzB4y

--HG--
extra : rebase_source : 103c1e184d4219e6db9d00da1ea54674a0e216dd
2017-03-10 10:50:21 -08:00

38 lines
2.1 KiB
ReStructuredText
Raw Blame History

=========================
List Based Flash Blocking
=========================
List based Flash blocking currently uses six lists.
The lists specify what domains/subdomains Flash is allowed to or denied from loading on.
The domains specified by the lists indicate the domain of the document that the Flash is loaded in, not the domain hosting the Flash content itself.
* Allow List
* Allow Exceptions List
* Deny List
* Deny Exceptions List
* Sub-Document Deny List
* Sub-Document Deny Exceptions List
If a page is on a list and the corresponding "Exceptions List", it is treated as though it is not on that list.
Classification
==============
Documents can be classified as Allow, Deny or Unknown.
Documents with an Allow classification may load Flash normally.
Documents with a Deny classification may not load Flash at all.
A Deny classification overrides an Allow classification.
The Unknown classification is the fall-through classification; it essentially just means that the document did not receive an Allow or Deny classification.
Documents with an Unknown classification will have Flash set to Click To Activate.
If the document is at the top level (its address is in the URL bar), then the Deny List is checked first followed by the Allow List to determine its classification.
If the document is not at the top level, it will receive a Deny classification if the classification of the parent document is Deny or if the document is on the Deny List.
It will also receive a Deny classification if the sub-document is not same-origin and the document is on the Sub-Document Deny List.
If the document did not receive a Deny classification, it can receive an Allow classification if it is on the Allow List or if the parent document received an Allow classification.
If for any reason, the document has a null principal, it will receive a Deny classification.
Some examples of documents that would have a null principal are:
* Data URIs <https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URIs> loaded directly from the URL bar. Data URIs loaded by a page should inherit the loading page's permissions.
* URIs that are rendered with the JSON viewer
View git blame Copy permalink