- From: Sethu mathavan <siyan.mady@gmail.com>
- Date: Tue, 6 Mar 2012 19:28:37 +0530
Hi,

I'm a professional application pentester. I developed and tested my own HTML5 web application with iframes included in it. My code for the iframe is <iframe src="xyz.htm" sandbox="">. Expected working is that scripts in "xyz.htm" should not be executed. Normally, it works fine. But I was able to alter the sandbox attribute by intercepting and modifying the response with a proxy tool as follows:

<iframe src="xyz.htm" sandbox="allow-same-origin allow-scripts">

Now, the browser allows the script in xyz.htm to get executed and the original functionality is altered. The main purpose of implementing the sandbox attribute is to restrict the contents within the particular frame. But that very purpose is being compromised. This facilitates the Man-in-the-middle attack.

Is this the intended working of the attribute, or are there any modifications planned for the future? Need more clarification on this.

Regards,
Mady,
Application Pentester.
Received on Tuesday, 6 March 2012 05:58:37 UTC
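
The difference between the two tags quoted in the message above, as an added example that is not part of the original post: a Node.js check that a test harness could run over the HTML a client actually received, reporting any <iframe> whose sandbox is missing or grants more than the intended policy. The names EXPECTED, parseIframes and auditSandbox are made up for this example, and the policy (no tokens for xyz.htm) is taken from the tag in the post.

```javascript
// Policy the application intends to ship: iframe src -> sandbox tokens allowed.
// "xyz.htm" with sandbox="" (no tokens) is the configuration from the post.
const EXPECTED = { "xyz.htm": [] };

// Extract src and sandbox state from every <iframe> start tag in an HTML string.
// Simplification: assumes no ">" inside attribute values.
function parseIframes(html) {
  const frames = [];
  const attrRe = /([^\s=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  for (const tag of html.matchAll(/<iframe\b([^>]*)>/gi)) {
    const attrs = {};
    for (const m of tag[1].matchAll(attrRe)) {
      attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
    }
    frames.push({
      src: attrs.src ?? "",
      sandboxed: "sandbox" in attrs, // absent attribute means no sandbox at all
      // Sandbox keywords are space-separated and case-insensitive.
      tokens: (attrs.sandbox ?? "").toLowerCase().split(/\s+/).filter(Boolean),
    });
  }
  return frames;
}

// Report frames whose sandbox is missing or grants tokens beyond the policy.
function auditSandbox(html, expected) {
  const findings = [];
  for (const f of parseIframes(html)) {
    const allowed = expected[f.src];
    if (allowed === undefined) continue; // frame not covered by the policy
    if (!f.sandboxed) {
      findings.push({ src: f.src, issue: "sandbox attribute missing", extra: [] });
      continue;
    }
    const extra = f.tokens.filter((t) => !allowed.includes(t));
    if (extra.length > 0) {
      findings.push({ src: f.src, issue: "unexpected sandbox tokens", extra });
    }
  }
  return findings;
}

// The first two inputs are the tags quoted in the post; the third is a
// constructed variant with the attribute removed entirely.
const AS_SERVED = '<iframe src="xyz.htm" sandbox="">';
const AS_RECEIVED = '<iframe src="xyz.htm" sandbox="allow-same-origin allow-scripts">';
const STRIPPED = "<iframe src='xyz.htm'></iframe>";

console.log(auditSandbox(AS_RECEIVED, EXPECTED));
```

The check only reports a difference after the fact; it runs outside the page, on whatever markup the client was handed.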