Intent to Implement: 'allow-unsandboxed-auxiliary' sandbox flag.

Skip to first unread message

Mike West

May 12, 2015, 6:59:30 AM5/12/15
to blink-dev
# Contact emails

# Spec
Just mailing list conversation at; I'm hopeful we can get it into HTML if folks think it's a reasonable addition.

# Summary
This is a new flag for `<iframe sandbox="...">` which will allow a sandboxed document to spawn new windows without forcing the sandboxing flags upon them. This will allow, for example, a third-party advertisement to be safely sandboxed without forcing the same restrictions upon a landing page. 

# Motivation
Folks in Google's anti-malvertising team would like to begin sandboxing the iframes in which ads are embedded. In some cases, this can be truly restrictive, in others they'd enable basically everything except `allow-top-navigation`. Their experiments thus far have been blocked on sandboxing's inheritance structure: there's no way to open an unsandboxed window from inside a sandbox, which means that a sandboxed advertisement leads to a sandboxed landing page, and so on.

Sites like CodePen have similar desires (as noted at the bottom of limit the impact of unknown content by sandboxing it, but allow it to spawn unsandboxed browsing contexts for navigation.

This seems like a reasonable thing to allow an embedder to opt-out of, and adding a new flag to enable otherwise limited functionality is consistent with the rest of `sandbox`.

# Compatibility Risk
Firefox: No public signals
Internet Explorer: No public signals
Safari: No public signals
Web developers: Positive

# Describe the degree of compatibility risk you believe this change poses
Browsers that support sandboxing but don't support this feature will be a bit of a problem, as there's no clear way to feature-detect sandboxing characteristics of a browser. Until such a thing exists, web developers would almost certainly need to resort to UA sniffing, which is fairly ugly.

Suggestions regarding detection possibilities are welcome. :)

# Ongoing technical constraints

# Will this feature be supported on all six Blink platforms

# OWP launch tracking bug

# Link to entry on the Chromium Dashboard

# Requesting approval to ship?


Chris Harrelson

May 13, 2015, 2:56:40 AM5/13/15
to Mike West, blink-dev
Not necessary, but LGTM anyway.

To unsubscribe from this group and stop receiving emails from it, send an email to

Philip Jägenstedt

May 13, 2015, 6:19:39 AM5/13/15
to Chris Harrelson, Mike West, blink-dev
Sounds like a plan, LGTM.
Reply all
Reply to author
0 new messages