[Bug 29100] New: Current iframe sandbox does not prevent download from sandboxed child frame

https://www.w3.org/Bugs/Public/show_bug.cgi?id=29100

            Bug ID: 29100
           Summary: Current iframe sandbox does not prevent download from
                    sandboxed child frame
           Product: HTML WG
           Version: unspecified
          Hardware: PC
                OS: Mac System 7
            Status: NEW
          Severity: major
          Priority: P2
         Component: CR HTML5 spec
          Assignee: robin@w3.org
          Reporter: s.h.h.n.j.k@gmail.com
        QA Contact: public-html-bugzilla@w3.org
                CC: public-html-admin@w3.org
  Target Milestone: ---

Created attachment 1622
  --> https://www.w3.org/Bugs/Public/attachment.cgi?id=1622&action=edit
Please let me know if it does not work

Hi,

Current iframe sandbox does not prevent download from sandboxed child frame.
This allows malicious ads to force download malicious files which users might
think that it is served from trusted parent domain.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Saturday, 29 August 2015 10:45:55 UTC