On Wed, Sep 30, 2015 at 10:51 AM, Mike West <mkwst@google.com> wrote: > On Wed, Sep 30, 2015 at 4:56 PM, James M. Greene <james.m.greene@gmail.com > > wrote: >> >> *aaaaand* potentially modifying/dismantling >> iframe sandboxes. >> > > Are you able to do this in any cases other than `allow-same-origin` and > `allow-scripts`? If so, we should fix them. :) > I haven't spotted any such holes, though I also haven't tested it in all of the various browser/OS configurations. Again, you can see the live analysis results for your browser at http://jamesmgreene.github.io/sandblaster/test-iframes.html :) > Thanks for putting this together! > Welcomed! It was an interesting learning experience for me. Sincerely, James GreeneReceived on Wednesday, 30 September 2015 19:38:07 UTC
This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 17:00:35 UTC