Re: Understanding the security model for the sandbox directive

On Wed, Nov 9, 2011 at 3:51 PM, Ian Hickson <> wrote:
> On Fri, 4 Nov 2011, Adam Barth wrote:
>> 2) Refuse to load documents with a CSP sandbox directive in the main
>> frame.  Site can, of course, continue to load them in subframes.  We
>> could then apply the sandbox policy to the iframe and all future
>> documents that load in that frame.  There's no "poisoning" issues as
>> above because navigating the main frame clears out the policy.
>> Of these choices, I favor (2) because I think the main use case for this
>> feature is for documents intended to be loaded in subframes rather than
>> documents loaded in the main frame.
> When would it be preferable to do this rather than just using sandbox=""
> on the <iframe>?

The issue is that an attacker can load the document in a frame that
lacks the sandbox attribute.  The server hosting the content wishes
for it to be sandboxed whenever possible.


Received on Wednesday, 9 November 2011 23:56:13 UTC