Iframe with sandbox="allow-scripts"

Fixed Issue #14268230


Aleksey L.
Oct 17, 2017
This issue is public.
Found in
  • Microsoft Edge
Found in build #
Fixed in build #
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

Once allow-scripts specified, Edge attaches main document’s cookies to all XHR requests despite they (cookies) should not be accessible until allow-same-origin not specified.


0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “Steven K.”

    • Let me know if you need more info to reproduce the bug

    • Microsoft Edge Team

      Changed Assigned To to “Scott L.”

      Changed Assigned To to “Venkat K.”

      Changed Assigned To from “Venkat K.” to “Scott W.”

      Changed Assigned To from “Scott W.” to “Ali A.”

      Changed Status to “Fixed”

    • Thank you for filing this bug, Aleksey. We are happy to report that this bug has been fixed. Thank you for providing us with your feedback.

    • Thank you Ali. Will the fix be available in the next version of Edge?

    You need to sign in to your Microsoft account to add a comment.

    Sign in