[w3c/ServiceWorker] Sandboxing untrusted code offline is currently impossible (Issue #1727) from BlobTheKat on 2024-08-28 (public-webapps-github@w3.org from August 2024)

From: BlobTheKat <notifications@github.com>
Date: Wed, 28 Aug 2024 06:39:44 -0700
To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/ServiceWorker/issues/1727@github.com>

The normal approach to sandboxing untrusted HTML/JS is to use an iframe with a `sandbox` attribute.

This is not possible offline as a service worker cannot control a sandboxed iframe

Consider adding an `inherit-service-worker` value to the `sandbox` attribute, allowing the parent's service worker to intercept requests from a sandboxed iframe

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/ServiceWorker/issues/1727
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/ServiceWorker/issues/1727@github.com>

Received on Wednesday, 28 August 2024 13:39:48 UTC