- From: Maciej Stachowiak <mjs@apple.com>
- Date: Thu, 10 Jun 2010 12:08:00 -0700
- To: Adam Barth <w3c@adambarth.com>
- Cc: Artur Adib <arturadib@gmail.com>, robert@ocallahan.org, public-html@w3.org, Leonard Rosenthol <lrosenth@adobe.com>, Ian Hickson <ian@hixie.ch>
On Jun 4, 2010, at 10:00 AM, Adam Barth wrote: > On Thu, Jun 3, 2010 at 2:55 PM, Artur Adib <arturadib@gmail.com> wrote: >> On Thu, Jun 3, 2010 at 5:37 PM, Robert O'Callahan <robert@ocallahan.org> wrote: >>> Could an attacker use a custom Flash object to force top-level navigation? >> >> Good question. >> >> Adam- Do you happen to know if that's possible in WebKit? I mean, I >> don't even know if Flash has access to 'top.location', but if it does, >> will @sandbox protect it? > > You can run an experiment and see, but, in general, there's no way for > the browser to contain what plug-ins are able to do. If navigating > the top frame doesn't work today, that's an accident of implementation > and not a security property, which means you can probably find some > tricky way of asking Flash to navigate the top frame that works. I'm almost certain it can be done. The plugin API has a specific way to request navigation of a chosen frame that does not go through JavaScript. I believe Flash exposes it to ActionScript. I suspect no one bothers to use it for framebusting currently since JavaScript is easier, but it would surely become more popular if <iframe sandbox> becomes popular for framebusting. Regards, Maciej
Received on Thursday, 10 June 2010 19:08:34 UTC