[Webkit-unassigned] [Bug 21288] Implement HTML5's sandbox attribute for iframes

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Nov 19 08:41:15 PST 2009


https://bugs.webkit.org/show_bug.cgi?id=21288

--- Comment #48 from Patrik Persson <patrik.j.persson at ericsson.com>  2009-11-19 08:41:12 PST ---
(In reply to comment #43)
> (In reply to comment #42)
> > W.r.t. the equal() issue: The way a sandboxed origin is modeled in HTML5 is as
> > a "unique value," which you can think of as a random string for each instance
> > that's not equal to anything except itself.  We might improve our
> > implementation of sandboxed SecurityOrigins by representing them this way.  If
> > we do that, it's clear that two sandboxed origins are equal if, and only if,
> > they are the same physical object.
> 
> That sounds like a good design. When sandboxed, a SecurityOrigin would not
> check anything except object identity to determine equality and to do hashing.

I'm a bit confused. That was what we were trying to do: an equal()
implementation that always returns false if one or both of the
SecurityOrigins is sandboxed (unless we compare an object to itself).

> I'm also not sure we want to allow storage and database access from these
> sandboxed origins even temporarily. So it is good, but may not be enough to
> simply make it compare unequal to all other origins. I suspect that in any case
> we will need to add "can" type checks to StorageNamespaceImpl::storageArea and
> some of the functions in DatabaseTracker so that storage and database access
> are subject to sandboxing rules.
> 
> But I don't know for sure. What behavior do we want for storage and database?

I don't think HTML5 says much about how client-side storage
(localStorage/sessionStorage/openDatabase) interacts with
sandboxing. To explain our (previous) design decisions, here's my
interpretation.

I think sessionStorage would make sense, as long as sandboxes are
respected. I think localStorage would end up equivalent to
sessionStorage in a sandboxed frame, making it somewhat less useful. I
don't think a sandboxed database would be very useful: it wouldn't
survive beyond a session.

Our idea with the previous patch was to sandbox localStorage and
sessionStorage with respect to origin, and to disable databases in
sandboxes entirely. I should have been clearer about this assumption
from the start.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
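The "unique value" model discussed above (a sandboxed origin equal only to itself, hashed by identity, with "can" checks gating storage and database access), as an added sketch that is not WebKit's SecurityOrigin code; the `Origin` type, its methods and the storage-area map are hypothetical names chosen for this illustration:

```cpp
#include <cstdint>
#include <functional>
#include <memory>
#include <string>
#include <unordered_map>
#include <vector>

// Hypothetical sketch (not WebKit's SecurityOrigin): a sandboxed origin is a
// "unique value", so equality and hashing use object identity only, while a
// normal origin compares by its (scheme, host, port) tuple.
struct Origin {
    std::string scheme, host;
    uint16_t port;
    bool sandboxed;

    static std::shared_ptr<Origin> create(const std::string& scheme,
                                          const std::string& host, uint16_t port) {
        return std::make_shared<Origin>(Origin{scheme, host, port, false});
    }
    static std::shared_ptr<Origin> createSandboxed() {
        // The tuple is irrelevant for a sandboxed origin; identity is the value.
        return std::make_shared<Origin>(Origin{"", "", 0, true});
    }
    bool equal(const Origin& other) const {
        if (this == &other) return true;               // same physical object
        if (sandboxed || other.sandboxed) return false; // unique value: unequal to all others
        return scheme == other.scheme && host == other.host && port == other.port;
    }
    size_t hash() const {
        if (sandboxed) return std::hash<const void*>()(this); // identity hash, consistent with equal()
        return std::hash<std::string>()(scheme + "://" + host + ":" + std::to_string(port));
    }
    // "can"-type checks: a sandboxed origin gets no persistent storage or database.
    bool canAccessLocalStorage() const { return !sandboxed; }
    bool canOpenDatabase() const { return !sandboxed; }
};

// A storage-namespace-style map keyed by origin; two distinct sandboxed
// origins never share an area, even if created from the same frame.
struct OriginHash { size_t operator()(const std::shared_ptr<Origin>& o) const { return o->hash(); } };
struct OriginEq {
    bool operator()(const std::shared_ptr<Origin>& a, const std::shared_ptr<Origin>& b) const { return a->equal(*b); }
};
using AreaMap = std::unordered_map<std::shared_ptr<Origin>, int, OriginHash, OriginEq>;

// Assigns one storage area per distinct origin and returns how many areas exist.
size_t distinctAreas(const std::vector<std::shared_ptr<Origin>>& origins) {
    AreaMap areas;
    int next = 0;
    for (const auto& o : origins)
        if (!areas.count(o)) areas[o] = next++;
    return areas.size();
}
```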