[whatwg] Sandboxed IFrames and downloads.

From: Mike West <mkwst@google.com>
Date: Sat, 2 Feb 2013 19:11:23 +0100
Message-ID: <CAKXHy=eHTuTehhaAsFdumu-Rr1sgJZfRMGKOfnYUKcEV+T3gSw@mail.gmail.com>
To: whatwg@whatwg.org

It's currently possible to force a download by serving a file with a
"Content-Disposition: attachment; filename=..." header. Notably, this
mechanism can be used to download a file with minimal user interaction by
including the resource to be downloaded in an IFrame. This holds even for
sandboxed IFrames, as demonstrated by
http://lcamtuf.coredump.cx/sandboxed.html (clicking that link will download
a file, fair warning).

It seems consistent with the general thought behind the `sandbox` attribute
that it should control downloads as well as the bits it already locks down.
I'd propose adjusting the spec to include a sandboxed downloads flag,
which, when present, would block all downloads from inside the frame (or,
perhaps only require user confirmation?). This restriction could be lifted
via an 'allow-downloads' keyword, if present in the sandbox attribute's
token list.

WDYT?

--
Mike West <mkwst@google.com>, Developer Advocate
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
Received on Saturday, 2 February 2013 18:12:11 UTC
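
The rule proposed in the message above, modelled as an added example; it is not part of the original message and is not code from the spec or any browser. The function names are hypothetical, the sample inputs are constructed, and it models the "block" variant rather than the user-confirmation alternative the message also raises.

```javascript
// Hypothetical model of the proposed "sandboxed downloads flag".
// All names here are illustrative; none come from the HTML spec or a browser.

// Parse a sandbox attribute value into a set of lowercase tokens.
// null/undefined means the attribute is absent, so the frame is not sandboxed.
// An empty string means sandboxed with every restriction applied.
function parseSandboxTokens(attr) {
  if (attr === null || attr === undefined) return null;
  const tokens = attr.split(/[ \t\n\f\r]+/).filter(Boolean);
  return new Set(tokens.map((t) => t.toLowerCase()));
}

// True when the response asks to be saved rather than rendered.
// The disposition type is matched case-insensitively; parameters are ignored.
function isAttachment(contentDisposition) {
  if (!contentDisposition) return false;
  const type = contentDisposition.split(';')[0].trim().toLowerCase();
  return type === 'attachment';
}

// Decide what happens to a response loaded inside the frame.
function downloadDecision(sandboxAttr, contentDisposition) {
  if (!isAttachment(contentDisposition)) return 'render';
  const tokens = parseSandboxTokens(sandboxAttr);
  if (tokens === null) return 'download';               // no sandbox: current behaviour
  if (tokens.has('allow-downloads')) return 'download'; // restriction explicitly lifted
  return 'block';                                       // sandboxed downloads flag is set
}

// Constructed sample cases: [sandbox attribute, Content-Disposition header].
const cases = [
  [null, 'attachment; filename=report.bin'],
  ['', 'attachment; filename=report.bin'],
  ['allow-scripts', 'Attachment; filename="report.bin"'],
  ['allow-scripts allow-downloads', 'attachment; filename=report.bin'],
  ['', 'inline'],
];
for (const [sandbox, header] of cases) {
  console.log(JSON.stringify(sandbox), '|', header, '=>', downloadDecision(sandbox, header));
}
```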
