Re: Understanding the security model for the sandbox directive

 > Ok.  That's something self-consistent that I can spec.  I'm not sure
 > there are actually use cases for all the sandbox tokens in that model,
 > but there are definitely use cases for some of them and there's a lot
 > of value in aligning the list of tokens with the HTML5 sandbox
 > attribute.
 > To summarize:
 > 1) The sandbox bits in HTML5 are stored in two places: (a) the sandbox
 > attribute itself, and (b) associated with the document.  When a
 > document gets created, the bits are copied from (a) to (b) so that
 > they're frozen for the lifetime of the document, even if the iframe's
 > attributes change.
 > 2) For CSP, the sandbox directive will cause the bits to be set on (b)
 > only.  That means the bits will apply to the current document but not
 > to future documents that occupy the same frame (top-level or
 > otherwise).
 > 4) If both CSP and the sandbox attribute supply a sandbox policies,
 > they'll be merged using the algorithm in the HTML5 spec (which is
 > currently used to merge sandbox bits for nested iframes).
 > Does that sound reasonable to everyone?

makes sense to me.


Received on Friday, 4 November 2011 20:37:29 UTC