Summary: The idea is to prevent calls to
window.alert/confirm/prompt/print from sandboxed iframes, and prevent
them putting up beforeunload dialogs, unless explicitly allowed to.
Note that this is a NEW sandbox restriction, so might break some
existing sandboxed content. A new token in the iframe sandbox attribute
allows loosening the restriction.
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1190641
Spec: https://html.spec.whatwg.org/multipage/browsers.html#sandboxed-modals-flag
and https://html.spec.whatwg.org/multipage/browsers.html#sandboxing:sandboxed-modals-flag
and the definitions of alert/confirm/etc. There is one open spec issue
I raised while implementing:
<https://github.com/whatwg/html/issues/1206>. It would only affect very
contrived edge cases, and whatever is decided on in that issue we can
update to reasonably easily.
Target release: 49
Platforms: all
Preference behind which this is implemented: none
DevTools bug: Not sure this needs devtools support.
Support in other browsers: I believe Chrome supports this. Not sure
about others.
Tests: Automatic testing for this is rather hard. I did test manually.
Security/Privacy concerns: none.
The main worry here is the backwards-compat issue, but given that Chrome
is shipping it and sandboxed iframes are pretty rare so far, this seems
like it should be safe.
-Boris
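
The restriction summarized in the message above, as an added example that is not part of the original message or of the patch it announces: a small audit helper that classifies iframe `sandbox` attribute values to find frames whose dialogs would be newly suppressed. It assumes the loosening token is `allow-modals` as named in the linked HTML spec; the function names and the sample frame inventory are constructed for illustration.

```javascript
// Added example: which sandboxed iframes lose alert/confirm/prompt/print
// and beforeunload dialogs once the sandboxed modals flag is enforced.

// The sandbox attribute is a set of space-separated tokens: split on ASCII
// whitespace, compare ASCII case-insensitively.
function parseSandboxTokens(value) {
  if (value === null || value === undefined) return null; // attribute absent
  return new Set(
    value
      .split(/[\t\n\f\r ]+/)
      .filter(Boolean)
      .map((t) => t.replace(/[A-Z]/g, (c) => c.toLowerCase()))
  );
}

// Classify one frame by its sandbox attribute value.
function modalStatus(value) {
  const tokens = parseSandboxTokens(value);
  if (tokens === null) return "not-sandboxed";
  // Without allow-scripts the frame's own scripts do not run, so it was
  // never able to open a dialog and the new restriction changes nothing.
  if (!tokens.has("allow-scripts")) return "scripts-blocked";
  return tokens.has("allow-modals") ? "modals-allowed" : "modals-blocked";
}

// Return the src of every frame whose dialogs are newly suppressed.
function framesLosingModals(frames) {
  return frames
    .filter((f) => modalStatus(f.sandbox) === "modals-blocked")
    .map((f) => f.src);
}

// Constructed sample inventory (hypothetical URLs, not from the message).
const SAMPLE_FRAMES = [
  { src: "https://widgets.example/poll", sandbox: "allow-scripts allow-forms" },
  { src: "https://widgets.example/editor", sandbox: "allow-scripts ALLOW-MODALS" },
  { src: "https://widgets.example/static", sandbox: "" },
  { src: "https://widgets.example/legacy", sandbox: null },
  { src: "https://widgets.example/chat", sandbox: "allow-same-origin\tallow-scripts" },
];

console.log(framesLosingModals(SAMPLE_FRAMES));
```

In a live page the same classification can be fed from `iframe.getAttribute("sandbox")`, which returns `null` when the attribute is absent.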