- From: Oda, Terri <terri.oda@intel.com>
- Date: Wed, 13 May 2015 14:07:46 -0700
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CACoC0R_ZV1m5NO6MzW7coUaMNOvk1x9OFeianLkOZk8TEpaBUg@mail.gmail.com>

I'm not in whatwg, but I do want to say that this seems like a pleasant change from a user perspective. I'm glad to hear your ad teams are thinking about this!

Terri

On Sun, May 10, 2015 at 9:11 PM, Mike West <mkwst@google.com> wrote:
> (BCC: public-webappsec@w3.org)
>
> Hello, wonderful whatwg@ folks!
>
> I've talked with a few folks from Google's advertising teams who are
> interested in using sandboxed iframes to mitigate the risks associated with
> ads. They've flagged two things that they'd like to see happen in the
> future:
>
> 1. Block usage of `alert()` (and its friends `confirm()`, `prompt()`, and
> `print()` (and `showModalDialog()` for browsers that support it)).
>
> 2. Allow sandboxed frames to spawn new windows without forcing the sandbox
> upon them. This would allow the advertisement itself to be sandboxed,
> without forcing the same restrictive flags upon a landing page.
>
> # Proposal
>
> 1. Block modal dialogs from inside sandboxed frames. That is:
>
> * `alert(...)` would return without popping up a dialog.
> * `confirm(...)` would return `false` without popping up a dialog.
> * `prompt(...)` would return `null` without popping up a dialog.
> * `print(...)` would return without popping up a dialog.
>
> This was discussed briefly at
> https://lists.w3.org/Archives/Public/public-whatwg-archive/2014May/0002.html,
> but I didn't find any follow-up (CCing folks from that thread). I've added
> metrics to Chrome in https://codereview.chromium.org/1121053002, but it
> will take a few weeks to get good data. Given the low usage of sandboxes in
> general (~0.5% of page views, according to
> https://www.chromestatus.com/metrics/feature/timeline/popularity/672), I
> suspect we could fairly easily make this change.
>
> 2. Add an `allow-unsandboxed-auxiliary` keyword to those supported by the
> `sandbox` attribute, which, when present, would allow auxiliary browsing
> contexts created by `window.open` and `target="_blank"` links to create
> clean browsing contexts, unaffected by the sandbox which spawned them.
>
> WDYT?
>
> --
> Mike West <mkwst@google.com>, @mikewest
>
> Google Germany GmbH, Dienerstrasse 12, 80331 München,
> Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
> Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
> Flores
> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
>

Received on Wednesday, 13 May 2015 21:08:16 UTC
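
The two proposals in the quoted message can be modelled as a pure function of the `sandbox` attribute value. This is an added example, not code from the thread, from Chrome or from the HTML spec; the function names are hypothetical, and it assumes that opening any popup from a sandboxed frame still requires the existing `allow-popups` keyword.

```javascript
// Model of the proposed semantics only; it does not touch a real DOM.
// Tokens are split on ASCII whitespace and compared case-insensitively,
// as the HTML `sandbox` attribute is.
function parseSandbox(attr) {
  if (attr === null || attr === undefined) return null; // no attribute: not sandboxed
  return new Set(attr.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
}

// Proposal 1: inside a sandboxed frame these calls return at once,
// with the listed value, instead of showing a dialog.
const BLOCKED_MODAL_RESULT = new Map([
  ["alert", undefined],
  ["confirm", false],
  ["prompt", null],
  ["print", undefined],
]);

function modalOutcome(attr, method) {
  if (!BLOCKED_MODAL_RESULT.has(method)) throw new TypeError("unknown modal: " + method);
  if (parseSandbox(attr) === null) return { shown: true };
  return { shown: false, returns: BLOCKED_MODAL_RESULT.get(method) };
}

// Proposal 2: the context produced by window.open() or a target="_blank" link.
// `sandbox: null` means a clean context; otherwise the popup inherits the
// opener's restrictions (represented here, as a simplification, by its tokens).
function auxiliaryContext(attr) {
  const tokens = parseSandbox(attr);
  if (tokens === null) return { opens: true, sandbox: null };
  if (!tokens.has("allow-popups")) return { opens: false, sandbox: null }; // assumption noted above
  if (tokens.has("allow-unsandboxed-auxiliary")) return { opens: true, sandbox: null };
  return { opens: true, sandbox: [...tokens].sort().join(" ") };
}

// Constructed sample: an ad frame that may run script and open a landing page.
const adFrame = "allow-scripts allow-popups allow-unsandboxed-auxiliary";
console.log(modalOutcome(adFrame, "confirm"), auxiliaryContext(adFrame));
```

Note that an empty attribute (`sandbox=""`) is the most restrictive case: modals are suppressed and no auxiliary context opens at all.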