
Re: Understanding the security model for the sandbox directive

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 10 Nov 2011 00:19:01 +0000 (UTC)
To: Adam Barth <w3c@adambarth.com>
cc: public-web-security@w3.org, Jacob Rossi <jrossi@microsoft.com>
Message-ID: <Pine.LNX.4.64.1111100018280.31955@ps20323.dreamhostps.com>

On Wed, 9 Nov 2011, Adam Barth wrote:
> 
> The issue is that an attacker can load the document in a frame that 
> lacks the sandbox attribute.  The server hosting the content wishes for 
> it to be sandboxed whenever possible.

That makes sense.

If you need any help linking CSP to the sandbox stuff, let me know; I can 
provide any hooks necessary in HTML to help with this.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 10 November 2011 00:19:26 GMT
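
Added example, not part of the original message or of any code from its participants: the thread's point is that the hosting server, not the embedding frame, must be the one to request sandboxing, so this sketch audits a response's headers for an enforced sandbox policy. It assumes the `sandbox` directive of the `Content-Security-Policy` header as later standardized; the function names and the sample headers are constructed for illustration.

```python
def parse_csp(value):
    """Split one CSP header value into {directive: [tokens]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # Within one policy the first occurrence of a directive wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def audit_sandbox(headers):
    """headers: list of (name, value) pairs from one HTTP response.

    Reports whether the server itself asks for sandboxing, independent of
    whether the embedding page put a sandbox attribute on its iframe.
    """
    enforced = None          # allow-* flags left after all enforced policies
    report_only_seen = False
    for name, value in headers:
        lname = name.lower()
        if lname not in ("content-security-policy",
                         "content-security-policy-report-only"):
            continue
        directives = parse_csp(value)
        if "sandbox" not in directives:
            continue
        if lname.endswith("report-only"):
            report_only_seen = True   # sandbox is ignored in report-only mode
            continue
        flags = {t.lower() for t in directives["sandbox"]}
        # Several enforced policies combine restrictively: a capability
        # survives only if every policy's sandbox directive allows it.
        enforced = flags if enforced is None else enforced & flags
    sandboxed = enforced is not None
    return {
        "sandboxed": sandboxed,
        "unique_origin": sandboxed and "allow-same-origin" not in enforced,
        "scripts_allowed": (not sandboxed) or "allow-scripts" in enforced,
        "report_only_ignored": report_only_seen and not sandboxed,
    }


# Constructed sample responses.
STRICT = [("Content-Type", "text/html; charset=utf-8"),
          ("Content-Security-Policy", "default-src 'none'; sandbox")]
LOOSE = [("Content-Security-Policy", "sandbox allow-scripts allow-same-origin")]
REPORT_ONLY = [("Content-Security-Policy-Report-Only", "sandbox")]
```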
