[Webkit-unassigned] [Bug 21288] Implement HTML5's sandbox attribute for iframes
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Nov 18 11:55:04 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=21288
--- Comment #44 from Patrik Persson <patrik.j.persson at ericsson.com> 2009-11-18 11:55:00 PST ---
(In reply to comment #43)
> I'm also not sure we want to allow storage and database access from these
> sandboxed origins even temporarily. So it is good, but may not be enough to
> simply make it compare unequal to all other origins. I suspect that in any case
> we will need to add "can" type checks to StorageNamespaceImpl::storageArea and
> a some of the functions in DatabaseTracker so that storage and database access
> are subject to sandboxing rules.
>
> But I don't know for sure. What behavior do we want for storage and database?
If you don't want storage access from sandboxed frames,, a simple alternative
would be to have such frames behave as if storage/database access was disabled
in Settings. This would make localStorage()/sessionStorage() return Undefined
in JavaScript. I haven't tested this, but I suspect it would be as simple as a
sandbox check in DOMWindow::localStorage()/sessionStorage().
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list