W3C home > Mailing lists > Public > whatwg@whatwg.org > September 2015

Re: [whatwg] `iframe[@sandbox]`: "sandblaster" JS library for analysis/modification

From: Mike West <mkwst@google.com>
Date: Wed, 30 Sep 2015 17:51:03 +0200
Message-ID: <CAKXHy=feX6sKuexR=VTv17wd7z1q=oewsj8mX6YdNV302JPgbw@mail.gmail.com>
To: "James M. Greene" <james.m.greene@gmail.com>
Cc: WHAT Working Group Mailing List <whatwg@whatwg.org>
On Wed, Sep 30, 2015 at 4:56 PM, James M. Greene <james.m.greene@gmail.com>
wrote:

> While investigating, I ended up creating a JS library called *sandblaster*
> [1] to assist me in analyzing


We should probably just provide a mechanism for reading the currently
active sandboxing flags. You shouldn't have to write pages of code to get
that data. Somewhat the inverse of
https://www.w3.org/Bugs/Public/show_bug.cgi?id=29061.


> *aaaaand* potentially modifying/dismantling
> iframe sandboxes.
>

Are you able to do this in any cases other than `allow-same-origin` and
`allow-scripts`? If so, we should fix them. :)

Thanks for putting this together!

-mike
Received on Wednesday, 30 September 2015 15:51:50 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 17:00:35 UTC