[Bug 13032] New: "allow-plugins" option for iframe sandbox attribute from bugzilla@jessica.w3.org on 2011-06-23 (public-html@w3.org from June 2011)

From: <bugzilla@jessica.w3.org>
Date: Thu, 23 Jun 2011 18:19:42 +0000
To: public-html@w3.org
Message-ID: <bug-13032-2495@http.www.w3.org/Bugs/Public/>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=13032

           Summary: "allow-plugins" option for iframe sandbox attribute
           Product: HTML WG
           Version: unspecified
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: HTML5 spec (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: shane@eznettools.com
         QAContact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-wg-issue-tracking@w3.org,
                    public-html@w3.org


I propose that an "allow-plugins" option be added for the iframe sandbox
attribute similar to the "allow-scripts" and "allow-forms" options. When
included in the sandbox attribute value, the nested browsing context would be
allowed to instantiate plugins. 

The specification text should be changed from:

  "The sandboxed plugins browsing context flag"

to:

  "The sandboxed plugins browsing context flag, unless the sandbox attribute's
   value, when split on spaces, is found to have the allow-plugins keyword set"

I am currently working on a kiosk application and want to prevent content
rendered in an iframe from being able to open new windows or tabs that are
outside of the control of the kiosk application. The sandbox attribute (when
fully supported) seems like a perfect solution, except that many of the
sandboxed pages (which may be out of our control) will have flash content.

I realize that allowing plugins in sandboxed iframes opens a wide hole,
potentially making the sandbox completely ineffective. However, for my use case
I do not think the risk is that severe. I have a certain amount of control over
what pages are navigated to. I also have control over which plugins are
installed. I am more concerned with window.open and the target attribute than I
am with flash or a quicktime video doing something malicious.

In short I would like to be able to do something like:

  sandbox="allow-scripts allow-forms allow-plugins"

to allow the sandboxed page to render fully (including flash and other
plugin-based content), while still preventing the common methods of opening new
windows/tabs.

Even with the security risk, I believe the option should available so the
developer can make the determination.

Thank you for your consideration.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Received on Thursday, 23 June 2011 18:19:43 UTC