Re: [whatwg] Proposal: Two changes to iframe@sandbox

On Thu, Jul 9, 2015 at 5:28 PM, Daniel Veditz <dveditz@mozilla.com> wrote:

> On Mon, Jul 6, 2015 at 2:47 AM, Mike West <mkwst@google.com> wrote:
>
>> I've dropped the opener/openee-disowning behavior from my proposal,
>> and renamed the sandboxing keyword to `allow-popups-to-escape-sandbox` in
>>
>> https://wiki.whatwg.org/index.php?title=Iframe_sandbox_improvments&diff=9958&oldid=9955
>
>
> It appears that this new keyword as described would still require the use
> of allow-popups in addition to allow-popups-to-escape-sandbox. Since it
> doesn't make any sense on its own can you change it so that either keyword
> allows popups to happen? That is, propose changing
>
>     [Set] The sandboxed auxiliary navigation browsing context flag
> <https://developers.whatwg.org/origin-0.html#sandboxed-auxiliary-navigation-browsing-context-flag>,
> unless tokens
>     contains the allow-popups keyword.
>
> to
>
>    [Set] The sandboxed auxiliary navigation browsing context flag
> <https://developers.whatwg.org/origin-0.html#sandboxed-auxiliary-navigation-browsing-context-flag>,
> unless tokens
>    contains the allow-popups or *allow-popups-to-escape-sandbox* keyword.
>
> (might then require changing -to-escape- to -that-escape-)
>

My only concern with this is that folks might disallow certain sandboxing
flags that they know are dangerous, which might mean that their CMS would
block `allow-plugins`, but might allow new flags (which would then allow
someone to `allow-plugins-to-escape-sandbox`). This kind of blacklisting is
probably a bit far-fetched, so I could live with the behavior if you feel
strongly about it, but I'd prefer to keep the changes as small and additive
as possible.

-mike

Received on Tuesday, 14 July 2015 07:55:16 UTC
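The two wordings under discussion, as an added example that is not code from the thread, the spec, or any browser: it models how the `sandbox` token list decides whether a frame may open popups and whether those popups escape the sandbox under the current rule and under Daniel's proposed change, and then contrasts the denylist filtering Mike worries about with an allowlist. The `REVIEWED` keyword set and the attribute strings are constructed for illustration.

```javascript
// Added example, not code from the thread or the spec. Tokens are split on
// ASCII whitespace and compared ASCII case-insensitively, as the HTML spec
// does for the sandbox attribute.
function parseSandboxTokens(attr) {
  return new Set(
    attr.split(/[\t\n\f\r ]+/).filter(Boolean).map((t) => t.toLowerCase())
  );
}

// variant "current": the auxiliary-navigation flag is set unless tokens
// contains allow-popups (Mike's additive proposal keeps this rule).
// variant "proposed": Daniel's change, where allow-popups-to-escape-sandbox
// on its own also clears the flag.
function popupBehaviour(attr, variant) {
  const tokens = parseSandboxTokens(attr);
  const escapeKeyword = tokens.has("allow-popups-to-escape-sandbox");
  let popupsAllowed = tokens.has("allow-popups");
  if (variant === "proposed") popupsAllowed = popupsAllowed || escapeKeyword;
  return {
    popupsAllowed,
    // Popups can only escape the sandbox if they can be opened at all.
    popupsEscapeSandbox: popupsAllowed && escapeKeyword,
  };
}

// Mike's concern from a defender's side: a CMS that strips only a denylist
// of known-dangerous keywords passes every keyword it has never reviewed,
// while an allowlist of reviewed keywords does not. REVIEWED is a
// constructed set for illustration.
const REVIEWED = ["allow-scripts", "allow-forms", "allow-popups"];
function filterByAllowlist(attr, allowed = REVIEWED) {
  return [...parseSandboxTokens(attr)]
    .filter((t) => allowed.includes(t))
    .join(" ");
}
function filterByDenylist(attr, denied) {
  return [...parseSandboxTokens(attr)]
    .filter((t) => !denied.includes(t))
    .join(" ");
}
```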