[Bug 29100] New: Current iframe sandbox does not prevent download from sandboxed child frame from bugzilla@jessica.w3.org on 2015-08-29 (public-html-admin@w3.org from August 2015)

From: <bugzilla@jessica.w3.org>
Date: Sat, 29 Aug 2015 10:45:53 +0000
To: public-html-admin@w3.org
Message-ID: <bug-29100-2495@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=29100

            Bug ID: 29100
           Summary: Current iframe sandbox does not prevent download from
                    sandboxed child frame
           Product: HTML WG
           Version: unspecified
          Hardware: PC
                OS: Mac System 7
            Status: NEW
          Severity: major
          Priority: P2
         Component: CR HTML5 spec
          Assignee: robin@w3.org
          Reporter: s.h.h.n.j.k@gmail.com
        QA Contact: public-html-bugzilla@w3.org
                CC: public-html-admin@w3.org
  Target Milestone: ---

Created attachment 1622
  --> https://www.w3.org/Bugs/Public/attachment.cgi?id=1622&action=edit
Please let me know if it does not work

Hi,

Current iframe sandbox does not prevent download from sandboxed child frame.
This allows malicious ads to force download malicious files which users might
think that it is served from trusted parent domain.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Saturday, 29 August 2015 10:45:55 UTC