- From: James M. Greene <james.m.greene@gmail.com>
- Date: Wed, 30 Sep 2015 14:37:20 -0500
- To: Mike West <mkwst@google.com>
- Cc: WHAT Working Group Mailing List <whatwg@whatwg.org>
On Wed, Sep 30, 2015 at 10:51 AM, Mike West <mkwst@google.com> wrote: > On Wed, Sep 30, 2015 at 4:56 PM, James M. Greene <james.m.greene@gmail.com > > wrote: >> >> *aaaaand* potentially modifying/dismantling >> iframe sandboxes. >> > > Are you able to do this in any cases other than `allow-same-origin` and > `allow-scripts`? If so, we should fix them. :) > I haven't spotted any such holes, though I also haven't tested it in all of the various browser/OS configurations. Again, you can see the live analysis results for your browser at http://jamesmgreene.github.io/sandblaster/test-iframes.html :) > Thanks for putting this together! > Welcomed! It was an interesting learning experience for me. Sincerely, James Greene
Received on Wednesday, 30 September 2015 19:38:07 UTC