Intent to prototype and ship: Block external protocols in sandboxed iframes

116 views
Skip to first unread message

Paul Zühlcke

unread,
Mar 31, 2022, 12:13:25 PM3/31/22
to dev-pl...@mozilla.org

Summary:
Restrict opening external protocols from sandboxed iframes. In order to open external protocols sandboxed BrowsingContexts need to have any of the following sandbox flags:

  • allow-top-navigation-to-custom-protocols

  • allow-popups

  • allow-top-navigation

  • allow-top-navigation-with-user-activation

Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1735746

Specification: https://html.spec.whatwg.org/#hand-off-to-external-software
Discussion: https://github.com/whatwg/html/issues/2191

Platform coverage: all

Preference: dom.block_external_protocol_navigation_from_sandbox

Other browsers:
Blink:
Intent to Ship
WebKit: Patch

web-platform-tests:
Not currently covered by WPT. I’ve filed a bug for adding a test:
https://bugzilla.mozilla.org/show_bug.cgi?id=1762420 However, it is unclear if it’s possible to test external protocols with the current test wrapper.

I'm planning to land a patch for Nightly in the coming days and later enable it in Release if we don't run into major web compat issues.

Please reach out if you have any questions or concerns about this change.

Frederik Braun

unread,
Mar 31, 2022, 2:15:55 PM3/31/22
to Paul Zühlcke, dev-pl...@mozilla.org
Paul Zühlcke <p...@mozilla.com> schrieb am Do. 31. März 2022 um 18:13:

Summary:
Restrict opening external protocols from sandboxed iframes. In order to open external protocols sandboxed BrowsingContexts need to have any of the following sandbox flags:

  • allow-top-navigation-to-custom-protocols

  • allow-popups

  • allow-top-navigation

  • allow-top-navigation-with-user-activation

Does this imply we do not support the “allow-custom-protocol-navigation” flag that Chrome and Safari introduced?



Paul Zühlcke

unread,
Mar 31, 2022, 2:31:57 PM3/31/22
to Frederik Braun, dev-pl...@mozilla.org
We will support the newly added flag "allow-top-navigation-to-custom-protocols" which is specifically for navigation to custom protocols. I believe WebKit had implemented “allow-custom-protocol-navigation” and later renamed to "allow-top-navigation-to-custom-protocols" after the spec had been merged.

Paul Zühlcke

unread,
May 3, 2022, 7:11:31 AM5/3/22
to dev-pl...@mozilla.org
Update: This will ship to release in Firefox 102. See Bug 1766828 for details
Reply all
Reply to author
Forward
0 new messages