mk...@chromium.org
# Spec
# Summary
This is a new flag for `<iframe sandbox="...">` which will allow a sandboxed document to spawn new windows without forcing the sandboxing flags upon them. This will allow, for example, a third-party advertisement to be safely sandboxed without forcing the same restrictions upon a landing page.
# Motivation
Folks in Google's anti-malvertising team would like to begin sandboxing the iframes in which ads are embedded. In some cases, this can be truly restrictive; in others they'd enable basically everything except `allow-top-navigation`. Their experiments thus far have been blocked on sandboxing's inheritance structure: there's no way to open an unsandboxed window from inside a sandbox, which means that a sandboxed advertisement leads to a sandboxed landing page, and so on.
This seems like a reasonable thing to allow an embedder to opt out of, and adding a new flag to enable otherwise limited functionality is consistent with the rest of `sandbox`.
# Compatibility Risk
Firefox: No public signals
Internet Explorer: No public signals
Safari: No public signals
Web developers: Positive
# Describe the degree of compatibility risk you believe this change poses
Browsers that support sandboxing but don't support this feature will be a bit of a problem, as there's no clear way to feature-detect sandboxing characteristics of a browser. Until such a thing exists, web developers would almost certainly need to resort to UA sniffing, which is fairly ugly.
Suggestions regarding detection possibilities are welcome. :)
# Ongoing technical constraints
None.
# Will this feature be supported on all six Blink platforms?
Yes.
# OWP launch tracking bug
# Requesting approval to ship?
No.
-mike
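
The detection problem raised under compatibility risk, as an added example that is not part of the original post: browsers that implement `DOMTokenList.supports()` on `iframe.sandbox` can report whether a sandbox token is understood, and an embedder can pick a fallback when they cannot. The token name `allow-popups-to-escape-sandbox` (its name in the HTML standard; the post does not name the flag), the base token set, the function names and the fallback policies are assumptions of this example.

```javascript
// Name of the flag in the HTML standard; the post itself does not name it.
const ESCAPE_FLAG = 'allow-popups-to-escape-sandbox';
// "Basically everything except allow-top-navigation" (token choice is an assumption).
const BASE_TOKENS = ['allow-scripts', 'allow-same-origin', 'allow-forms', 'allow-popups'];

// Returns true/false when the browser can answer, null when it cannot
// (no sandbox token list, no supports() method, or supports() throws).
function sandboxSupports(iframe, token) {
  const list = iframe && iframe.sandbox;
  if (!list || typeof list.supports !== 'function') return null;
  try {
    return list.supports(token) === true;
  } catch (e) {
    return null;
  }
}

// Hypothetical policy helper. `fallback` applies when the flag is unsupported or
// undetectable; unknown tokens are ignored, so popups would inherit the sandbox.
//   'sandboxed-popups': keep the sandbox, accept sandboxed landing pages
//   'no-popups':        keep the sandbox, drop allow-popups (no landing page opens)
//   'unsandboxed':      omit the sandbox attribute (sandbox === null)
function planAdSandbox(iframe, fallback = 'sandboxed-popups') {
  if (sandboxSupports(iframe, ESCAPE_FLAG) === true) {
    return { sandbox: [...BASE_TOKENS, ESCAPE_FLAG].join(' '), landingPageSandboxed: false };
  }
  switch (fallback) {
    case 'unsandboxed':
      return { sandbox: null, landingPageSandboxed: false };
    case 'no-popups':
      return { sandbox: BASE_TOKENS.filter(t => t !== 'allow-popups').join(' '), landingPageSandboxed: null };
    case 'sandboxed-popups':
      return { sandbox: BASE_TOKENS.join(' '), landingPageSandboxed: true };
    default:
      throw new RangeError('unknown fallback: ' + fallback);
  }
}

// Browser usage; skipped when no DOM is present.
if (typeof document !== 'undefined') {
  const frame = document.createElement('iframe');
  const plan = planAdSandbox(frame, 'no-popups');
  if (plan.sandbox !== null) frame.setAttribute('sandbox', plan.sandbox);
}
```
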