Sandbox flags of the caller are currently applied to the callee when document.open targets a different window. Stop doing it.
This should be a trivial removal. Currently, 0.000002% of pages are "potentially" affected (see https://chromestatus.com/metrics/feature/timeline/popularity/4375). In most cases, a less restrictive sandbox flag is not going to negatively impact the affected pages, so 0.000002% should be seen as an upper bound. This brings Chrome's implementation closer to the specification, and closer to Firefox and Safari. This has a positive impact on interoperability.
The removed feature did not have any security benefits. A sandboxed iframe that can call document.open on its neighbors must have "allow-scripts" and "allow-same-origin" capabilities. This is already a known way to escape the sandbox, independently of document.open. For instance, one can call `eval` on its parent to escape its sandbox. Chrome and Firefox display the message: "An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing." Security considerations: https://docs.google.com/document/d/1_89X4cNUab-PZE0iBDTKIftaQZsFbk7SbFmHbqY54os/edit#bookmark=id.7lqerksbaalj
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
None
Shipping on desktop: 116
Shipping on Android: 116
Shipping on WebView: 116
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAH7Q68Xb-GTak%3DVDx1cak-3%3D77e%2BudHkquttq8au_d3jt59KJw%40mail.gmail.com.
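Added example, not from this thread or from Chromium: a small Node.js lint that parses iframe sandbox token lists and reports the allow-scripts plus allow-same-origin combination the intent describes as already able to escape its sandbox. The HTML input and the function names are constructed for the example.

```javascript
// Added example (not from this thread or Chromium): lint iframe markup for the
// sandbox token pair the intent describes as already escapable, allow-scripts
// together with allow-same-origin. Token parsing follows the HTML spec's sandbox
// attribute (space-separated tokens, compared ASCII case-insensitively).

const ESCAPE_PAIR = ["allow-scripts", "allow-same-origin"];

// Split a sandbox attribute value into its lowercased token set.
function parseSandboxTokens(value) {
  return new Set(
    value.split(/[ \t\n\f\r]+/).filter((t) => t.length > 0).map((t) => t.toLowerCase())
  );
}

// True when both tokens are granted: the framed document is same-origin with
// its parent and may run script there, so the sandbox no longer contains it.
function sandboxIsEscapable(value) {
  const tokens = parseSandboxTokens(value);
  return ESCAPE_PAIR.every((t) => tokens.has(t));
}

// Scan raw HTML for <iframe> start tags and report each escapable sandbox value.
// Regex on source markup rather than a DOM walk, so it runs in Node offline.
// An iframe with no sandbox value (no attribute, or a bare `sandbox`) is either
// unsandboxed or fully restricted, so it yields no finding either way.
function findEscapableIframes(html) {
  const findings = [];
  const sandboxRe = /\ssandbox\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  for (const m of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const attr = sandboxRe.exec(m[0]);
    if (!attr) continue;
    const value = attr[1] ?? attr[2] ?? attr[3] ?? "";
    if (sandboxIsEscapable(value)) findings.push({ tag: m[0], sandbox: value });
  }
  return findings;
}

// Constructed sample: only the second iframe combines both tokens.
const SAMPLE_HTML = `
<iframe sandbox="allow-scripts" src="/widget"></iframe>
<iframe sandbox="Allow-Same-Origin  allow-scripts" src="/legacy"></iframe>
<iframe sandbox src="/static"></iframe>
`;

for (const f of findEscapableIframes(SAMPLE_HTML)) {
  console.log(`escapable sandbox: ${f.sandbox} in ${f.tag}`);
}
```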
The risk seems quite low here, thanks for the explanation. LGTM2.
LGTM3
/Daniel