
Re: Understanding the security model for the sandbox directive

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 9 Nov 2011 15:55:12 -0800
Message-ID: <CAJE5ia8x+mSr8DSjZNmNBRYFZPsBDmBNNH4AGM=v354dfOfJ+g@mail.gmail.com>
To: Ian Hickson <ian@hixie.ch>
Cc: public-web-security@w3.org, Jacob Rossi <jrossi@microsoft.com>

On Wed, Nov 9, 2011 at 3:51 PM, Ian Hickson <ian@hixie.ch> wrote:
> On Fri, 4 Nov 2011, Adam Barth wrote:
>>
>> 2) Refuse to load documents with a CSP sandbox directive in the main
>> frame.  Site can, of course, continue to load them in subframes.  We
>> could then apply the sandbox policy to the iframe and all future
>> documents that load in that frame.  There's no "poisoning" issues as
>> above because navigating the main frame clears out the policy.
>>
>> Of these choices, I favor (2) because I think the main use case for this
>> feature is for documents intended to be loaded in subframes rather than
>> documents loaded in the main frame.
>
> When would it be preferable to do this rather than just using sandbox=""
> on the <iframe>?

The issue is that an attacker can load the document in a frame that
lacks the sandbox attribute.  The server hosting the content wishes
for it to be sandboxed whenever possible.

Adam
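The point of the reply is that the `sandbox` attribute belongs to whoever writes the `<iframe>`, so a server that wants its content isolated cannot rely on it; a `Content-Security-Policy: sandbox` header travels with the response instead, and the HTML spec combines both sources by taking the union of their restrictions. The model below is an added example, not code from this thread or from any browser; the keyword list and the union-of-restrictions rule are taken from the HTML and CSP specifications as assumptions, and the function names (`build_sandbox_csp`, `effective_allowances`, `is_origin_isolated`) are hypothetical.

```python
"""Model of how a CSP sandbox directive composes with an <iframe sandbox>
attribute. Added example; the flag list and the composition rule are
assumptions taken from the HTML/CSP specs, not from the thread above."""

from typing import Iterable, Optional, Set

# Allowance keywords of the sandboxing flag set (assumed from the HTML spec).
KNOWN_SANDBOX_FLAGS = frozenset({
    "allow-forms", "allow-modals", "allow-orientation-lock", "allow-pointer-lock",
    "allow-popups", "allow-popups-to-escape-sandbox", "allow-presentation",
    "allow-same-origin", "allow-scripts", "allow-top-navigation",
})


def build_sandbox_csp(allow: Iterable[str] = ()) -> str:
    """Return a Content-Security-Policy value carrying a sandbox directive.

    Unknown keywords are rejected rather than passed through. The pair
    allow-scripts + allow-same-origin is refused: together they let the
    content run script in the server's real origin, which is exactly the
    isolation the header is being sent to provide.
    """
    flags = {f.lower() for f in allow}
    unknown = flags - KNOWN_SANDBOX_FLAGS
    if unknown:
        raise ValueError(f"unknown sandbox flags: {sorted(unknown)}")
    if {"allow-scripts", "allow-same-origin"} <= flags:
        raise ValueError("allow-scripts with allow-same-origin removes origin isolation")
    return " ".join(["sandbox", *sorted(flags)])


def parse_sandbox_directive(csp: Optional[str]) -> Optional[Set[str]]:
    """Allowance set of the first sandbox directive in a CSP value, or None
    when there is no policy or the policy has no sandbox directive.
    Unrecognised tokens grant nothing and are dropped."""
    if not csp:
        return None
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "sandbox":
            return {t.lower() for t in tokens[1:] if t.lower() in KNOWN_SANDBOX_FLAGS}
    return None


def parse_iframe_sandbox(attr: Optional[str]) -> Optional[Set[str]]:
    """Allowance set from an <iframe sandbox="..."> value; None when the
    attribute is absent (an empty string means fully sandboxed)."""
    if attr is None:
        return None
    return {t.lower() for t in attr.split() if t.lower() in KNOWN_SANDBOX_FLAGS}


def effective_allowances(iframe_attr: Optional[str], csp: Optional[str]) -> Optional[Set[str]]:
    """Combine both sources. Restrictions are unioned, which for allowance
    keywords means intersecting the sets; an absent source adds no
    restriction. None means the document is not sandboxed at all."""
    sources = [s for s in (parse_iframe_sandbox(iframe_attr),
                           parse_sandbox_directive(csp)) if s is not None]
    if not sources:
        return None
    result = set(KNOWN_SANDBOX_FLAGS)
    for s in sources:
        result &= s
    return result


def is_origin_isolated(iframe_attr: Optional[str], csp: Optional[str]) -> bool:
    """True when the framed document is sandboxed without allow-same-origin,
    i.e. it gets an opaque origin no matter who wrote the <iframe>."""
    allowed = effective_allowances(iframe_attr, csp)
    return allowed is not None and "allow-same-origin" not in allowed


if __name__ == "__main__":
    # Constructed sample: the hosting site sends the header on user content.
    csp = build_sandbox_csp(["allow-forms"])
    # A third-party page frames that document with no sandbox attribute;
    # the response header alone still isolates it.
    print(csp, effective_allowances(None, csp), is_origin_isolated(None, csp))
    # Without the header, isolation depends entirely on the embedder.
    print(is_origin_isolated(None, None), is_origin_isolated("", None))
```

The check to run against a server is therefore on the response headers of the untrusted content, not on the embedding markup: `is_origin_isolated(None, header)` must be true for the no-attribute case the reply describes.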
Received on Wednesday, 9 November 2011 23:56:13 GMT