
Re: [whatwg] Proposal: Two changes to iframe@sandbox

From: Mike West <mkwst@google.com>
Date: Tue, 14 Jul 2015 09:54:28 +0200
Message-ID: <CAKXHy=e1FBjZV2gROUQSv3aC_c4qM9ZyCBjxauEedPnu=P0-MA@mail.gmail.com>
To: Daniel Veditz <dveditz@mozilla.com>
Cc: David Bruant <bruant.d@gmail.com>, Chris Coyier <chriscoyier@gmail.com>, WHAT Working Group Mailing List <whatwg@whatwg.org>, Boris Zbarsky <bzbarsky@mit.edu>, Alex Russell <slightlyoff@google.com>, Ian Hickson <ian@hixie.ch>
On Thu, Jul 9, 2015 at 5:28 PM, Daniel Veditz <dveditz@mozilla.com> wrote:

> On Mon, Jul 6, 2015 at 2:47 AM, Mike West <mkwst@google.com> wrote:
>
>> I've dropped the opener/openee-disowning behavior from my proposal,
>> and renamed the sandboxing keyword to `allow-popups-to-escape-sandbox` in
>>
>> https://wiki.whatwg.org/index.php?title=Iframe_sandbox_improvments&diff=9958&oldid=9955
>
>
> It appears that this new keyword as described would still require the use
> of allow-popups in addition to allow-popups-to-escape-sandbox. Since it
> doesn't make any sense on its own can you change it so that either keyword
> allows popups to happen? That is, propose changing
>
>     [Set] The sandboxed auxiliary navigation browsing context flag
> <https://developers.whatwg.org/origin-0.html#sandboxed-auxiliary-navigation-browsing-context-flag>,
> unless tokens
>     contains the allow-popups keyword.
>
> to
>
>    [Set] The sandboxed auxiliary navigation browsing context flag
> <https://developers.whatwg.org/origin-0.html#sandboxed-auxiliary-navigation-browsing-context-flag>,
> unless tokens
>    contains the allow-popups or *allow-popups-to-escape-sandbox* keyword.
>
> (might then require changing -to-escape- to -that-escape-)
>

My only concern with this is that folks might disallow certain sandboxing
flags that they know are dangerous, which might mean that their CMS would
block `allow-plugins`, but might allow new flags (which would then allow
someone to `allow-plugins-to-escape-sandbox`). This kind of blacklisting is
probably a bit far-fetched, so I could live with the behavior if you feel
strongly about it, but I'd prefer to keep the changes as small and additive
as possible.

-mike
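To make the difference between the two wordings concrete, here is an added JavaScript model (not code from this thread or from the WHATWG spec) of how the sandboxed auxiliary navigation flag comes out for a given `sandbox` attribute value under each wording, plus the blocklist-versus-allowlist filtering Mike's concern turns on. The token parsing and flag logic are a simplified model and an assumption of this example, not the spec's algorithm verbatim.

```javascript
// Added example, not code from the thread or from the WHATWG spec text.
// Models the "sandboxed auxiliary navigation browsing context flag" under
// the two wordings above; parsing and flag logic are simplified (assumption).

// Split an iframe@sandbox value into tokens (ASCII whitespace-separated,
// matched ASCII case-insensitively, as the HTML spec does).
function parseSandboxTokens(attrValue) {
  return new Set(
    attrValue.split(/[ \t\n\f\r]+/).filter(Boolean).map((t) => t.toLowerCase()),
  );
}

// Wording in Mike's proposal: the flag is set unless `allow-popups` is
// present; `allow-popups-to-escape-sandbox` does nothing on its own.
function auxNavSandboxedCurrent(tokens) {
  return !tokens.has("allow-popups");
}

// Wording suggested by Daniel Veditz: either keyword clears the flag.
function auxNavSandboxedEither(tokens) {
  return !(tokens.has("allow-popups") ||
           tokens.has("allow-popups-to-escape-sandbox"));
}

// Popups inherit the sandbox unless auxiliary navigation is allowed AND
// the escape keyword is present.
function popupsEscapeSandbox(tokens, auxNavSandboxed) {
  return !auxNavSandboxed && tokens.has("allow-popups-to-escape-sandbox");
}

// Evaluate one attribute value under both wordings.
function evaluate(attrValue) {
  const tokens = parseSandboxTokens(attrValue);
  const current = auxNavSandboxedCurrent(tokens);
  const either = auxNavSandboxedEither(tokens);
  return {
    current: { popupsBlocked: current, popupsEscape: popupsEscapeSandbox(tokens, current) },
    either: { popupsBlocked: either, popupsEscape: popupsEscapeSandbox(tokens, either) },
  };
}

// Mike's concern, modelled: a CMS that strips known-dangerous keywords by
// blocklist keeps keywords it has never seen, whereas an allowlist does not.
function filterByBlocklist(tokens, blocked) {
  return new Set([...tokens].filter((t) => !blocked.has(t)));
}
function filterByAllowlist(tokens, allowed) {
  return new Set([...tokens].filter((t) => allowed.has(t)));
}
```

Running `evaluate("allow-scripts allow-popups-to-escape-sandbox")` shows the crux of the thread: popups stay blocked under the current wording but are allowed, and escape the sandbox, under the either-keyword wording.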
Received on Tuesday, 14 July 2015 07:55:16 UTC