OOPIFs and sandbox attribute


Ian

Jul 13, 2015, 6:01:34 PM
to site-isol...@chromium.org
Hi all,

We're developing an application where we have multiple sandboxed iframes on a page (specifically, <iframe sandbox="allow-scripts"/>). The src of the frame is at the same domain as the parent window, but we'd want each iframe to behave as if it were cross-site, and, ultimately, live in its own process. 

I tested on the latest build of Canary (64-bit OS X, 45.0.2454.4) with the OOPIF flag enabled, and all of the frames are still in the same process... If I route it through a different domain than the parent page, I then get a separate process for the iframe, as we'd expect.

Just was wondering what the implementation plans are to give sandboxed iframes their own process.

Thnx-
Ian

Charlie Reis

Jul 13, 2015, 7:02:22 PM
to Ian, site-isol...@chromium.org
As long as allow-same-origin isn't specified, it's most likely safe for the browser to put the sandboxed iframe pages in a separate process (since they can't script other pages).

We don't have any concrete plans to implement it just yet, partly because we're focused on launching other use cases, and partly because our process model bookkeeping for sites doesn't yet support unique origins.  It is a case we'd like to come back to in the future, though.

Charlie
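
Added example, not part of the thread and not Chromium code: a JavaScript sketch of the origin reasoning in the reply above, showing which sandbox token combinations leave a same-domain frame with a unique origin and unable to script its parent. The helper names and the app.example / frames.example URLs are assumptions made for illustration.

```javascript
// Added illustration; classifyFrame and sandboxTokens are hypothetical helpers,
// and the app.example / frames.example URLs are constructed sample values.

// Parse a sandbox attribute value into its token set; null means "no attribute".
function sandboxTokens(value) {
  if (value === null || value === undefined) return null;
  // Tokens are whitespace-separated and matched case-insensitively.
  return new Set(value.toLowerCase().split(/\s+/).filter(Boolean));
}

// Report the origin a framed document runs with and whether it can script its parent.
function classifyFrame(parentUrl, src, sandbox) {
  const parentOrigin = new URL(parentUrl).origin;
  const srcOrigin = new URL(src, parentUrl).origin; // resolves a relative src
  const tokens = sandboxTokens(sandbox);
  const sandboxed = tokens !== null;
  // A sandboxed document without allow-same-origin is given a unique (opaque) origin.
  const uniqueOrigin = sandboxed && !tokens.has("allow-same-origin");
  const runsScripts = !sandboxed || tokens.has("allow-scripts");
  return {
    effectiveOrigin: uniqueOrigin ? "opaque" : srcOrigin,
    uniqueOrigin,
    runsScripts,
    // Direct DOM scripting of the parent needs script execution and a shared origin.
    canScriptParent: runsScripts && !uniqueOrigin && srcOrigin === parentOrigin,
  };
}

const parentPage = "https://app.example/editor";
const sampleFrames = [
  ["/frame.html", "allow-scripts"],
  ["/frame.html", "allow-scripts allow-same-origin"],
  ["/frame.html", null],
  ["https://frames.example/frame.html", null],
];
for (const [src, sandbox] of sampleFrames) {
  console.log(src, JSON.stringify(sandbox), classifyFrame(parentPage, src, sandbox));
}
```

Only the first sample matches the configuration described in the opening message: scripts run, but the frame has a unique origin even though it is served from the parent's domain.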

Ian

Jul 14, 2015, 1:50:19 PM
to site-isol...@chromium.org, ianmat...@gmail.com
Thanks Charlie. FWIW, our use case involves running several (potentially processor-intensive) iframes on a page that execute user-provided JS, though the frames are all served from our domain. Having them on a separate process would both help guarantee security as well as provide substantial UX improvements in that blocking / non-responsive scripts wouldn't affect other frames or the parent page.

Am happy to help with testing / implementation when the time's right and as my expertise allows.

Cheers!

Charlie Reis

Jul 14, 2015, 2:17:29 PM
to Ian, site-isol...@chromium.org
Sure.  I filed https://crbug.com/510122 if you want to follow it.

I'd also be careful about relying on out-of-process iframes as a performance primitive.  There's a non-trivial memory cost, and (depending on resources) Chrome may not make guarantees about which process pages will end up in.  We're still treading lightly with how many sites will be isolated because of this.

Charlie

Ian

Jul 14, 2015, 3:57:01 PM
to site-isol...@chromium.org, ianmat...@gmail.com
Thanks.

And of course — though I think allowing developers to signal that they'd like a separate process for the iframe — if resources allow for it — could be quite useful. We're seeing substantial usability / performance improvements when we trigger OOPIFs by serving our iframes from a different domain. Or even putting all sandboxed iframes on a page in the same, separate process from the parent page...

Anyways, can circle back when you take this issue up.

Ian

dpjaya...@gmail.com

Apr 27, 2018, 6:58:10 AM
to Site Isolation Development, ianmat...@gmail.com
Is there any update on this feature request yet?

Charlie Reis

Apr 27, 2018, 1:17:16 PM
to dpjaya...@gmail.com, Chromium Site Isolation, Ian
As noted on the bug, this is something we could consider after Site Isolation launches, and we're currently focused on that.

Thanks for checking,
Charlie