Intent to implement and ship: allow-popups-to-escape-sandbox sandbox flag

Boris Zbarsky

May 6, 2016, 2:48:54 AM
Summary: The idea is to add a way for a sandboxed iframe to open a popup
window that is not sandboxed, via a new token in the sandbox attribute
that loosens the "everything you open will be sandboxed like you"
restriction. This obviously allows the iframe to open itself and thus
escape the sandbox, hence the naming. This is a useful thing to allow
because this way ads or search results can be sandboxed but still open
the site they are linking to without sandboxing, and the fact that the
opening requires an explicit user action means they can't just
automatically unsandbox themselves....

This feature has been requested by numerous people who would really like
to sandbox more stuff but can't because then said stuff can't open the
things it needs to open.

Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1190641

Spec:
https://html.spec.whatwg.org/multipage/browsers.html#sandbox-propagates-to-auxiliary-browsing-contexts-flag
and
https://html.spec.whatwg.org/multipage/browsers.html#sandboxing:sandbox-propagates-to-auxiliary-browsing-contexts-flag
and the tail end of
https://html.spec.whatwg.org/multipage/browsers.html#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name

Target release: 49

Platforms: all

Preference behind which this is implemented: none

DevTools bug: Not sure this needs devtools support.

Support in other browsers: I believe Chrome supports this. I'm not sure
what the state is in other browsers.

Tests: Web platform tests are in the patch.

Security/Privacy concerns: See above in terms of this allowing sandboxed
things to unsandbox themselves.

-Boris
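
The following is an added example, not part of the original message and not Firefox code: a simplified model of how the popup-related tokens in an iframe's `sandbox` attribute decide whether a popup is blocked, inherits the sandbox, or opens unsandboxed. The function names and sample frames are constructed for illustration, and only `allow-popups` and `allow-popups-to-escape-sandbox` are modeled.

```javascript
// Added illustration (simplified model, not browser code). Function names are
// hypothetical; only the two popup-related sandbox tokens are modeled.

// Sandbox tokens are split on ASCII whitespace and compared case-insensitively.
function parseSandboxTokens(attr) {
  return new Set(attr.toLowerCase().split(/[\t\n\f\r ]+/).filter(Boolean));
}

// attr: the iframe's sandbox attribute value, or null when the attribute is absent.
function popupOutcome(attr) {
  if (attr === null) {
    return { popup: "unsandboxed", reason: "frame itself is not sandboxed" };
  }
  const tokens = parseSandboxTokens(attr);
  const escapes = tokens.has("allow-popups-to-escape-sandbox");
  if (!tokens.has("allow-popups")) {
    // Without allow-popups no popup is created, so the escape token is inert.
    return {
      popup: "blocked",
      reason: escapes
        ? "escape token has no effect without allow-popups"
        : "allow-popups not granted",
    };
  }
  if (escapes) {
    return { popup: "unsandboxed", reason: "sandbox does not propagate to popups" };
  }
  return { popup: "sandboxed", reason: "popup inherits the opener's restrictions" };
}

// Constructed sample frames for a quick review of a page's embeds.
const SAMPLE_FRAMES = [
  { name: "ad-slot", sandbox: "allow-scripts allow-popups allow-popups-to-escape-sandbox" },
  { name: "widget", sandbox: "allow-scripts allow-popups" },
  { name: "preview", sandbox: "" },
  { name: "misconfigured", sandbox: "allow-scripts allow-popups-to-escape-sandbox" },
  { name: "legacy-embed", sandbox: null },
];

function auditFrames(frames) {
  return frames.map((f) => ({ name: f.name, ...popupOutcome(f.sandbox) }));
}

console.log(auditFrames(SAMPLE_FRAMES));
```
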

Ben Kelly

May 6, 2016, 3:40:26 PM
to Boris Zbarsky, dev-pl...@lists.mozilla.org
On Thu, May 5, 2016 at 10:48 PM, Boris Zbarsky <bzba...@mit.edu> wrote:

> Support in other browsers: I believe Chrome supports this. I'm not sure
> what the state is in other browsers.
>

Looks like Chrome 46:

https://www.chromestatus.com/feature/5708368589094912

I'm happy to see this implemented since I've had web developers ask about
it in the past. I think anything we can do to get more ads running in
sandboxed iframes is a good thing.

Thanks!

Ben