Re: [whatwg] `iframe[@sandbox]`: "sandblaster" JS library for analysis/modification from Mike West on 2015-09-30 (public-whatwg-archive@w3.org from September 2015)

From: Mike West <mkwst@google.com>
Date: Wed, 30 Sep 2015 17:51:03 +0200
To: "James M. Greene" <james.m.greene@gmail.com>
Cc: WHAT Working Group Mailing List <whatwg@whatwg.org>
Message-ID: <CAKXHy=feX6sKuexR=VTv17wd7z1q=oewsj8mX6YdNV302JPgbw@mail.gmail.com>

On Wed, Sep 30, 2015 at 4:56 PM, James M. Greene <james.m.greene@gmail.com>
wrote:

> While investigating, I ended up creating a JS library called *sandblaster*
> [1] to assist me in analyzing

We should probably just provide a mechanism for reading the currently
active sandboxing flags. You shouldn't have to write pages of code to get
that data. Somewhat the inverse of
https://www.w3.org/Bugs/Public/show_bug.cgi?id=29061.

> *aaaaand* potentially modifying/dismantling
> iframe sandboxes.
>

Are you able to do this in any cases other than `allow-same-origin` and
`allow-scripts`? If so, we should fix them. :)

Thanks for putting this together!

-mike

Received on Wednesday, 30 September 2015 15:51:50 UTC