[Webkit-unassigned] [Bug 38424] New: add support for text/html-sandboxed on sandboxed iframes
bugzilla-daemon at webkit.org
Sat May 1 19:21:21 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=38424
Summary: add support for text/html-sandboxed on sandboxed iframes
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
URL: http://0x.lv/xss.php?frame_sandbox=allow-scripts&frame_xss=?ct=text/html-sandboxed
OS/Version: Mac OS X 10.5
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: Frames
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: evn at google.com
HTML 5's iframe sandbox specification requires web owners to add the
content-type "text/html-sandboxed" to all content that will be served in a
sandboxed iframe to avoid it being loaded directly and bypassing its sandbox.
WebKit's current iframe@sandbox implementation doesn't recognize this content
type, and it is marked as a file to be downloaded.
e.g.:
http://0x.lv/xss.php?frame_sandbox=allow-scripts&frame_xss=?ct=text/html-sandboxed
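The server side of the arrangement the report describes, as an added Python example that is not part of the bug report or of WebKit: a WSGI app serves the framed content as text/html-sandboxed and builds the sandboxed iframe for it. It goes beyond the report by also sending X-Content-Type-Options: nosniff and by refusing allow-scripts together with allow-same-origin; the names `sandbox_attr`, `host_page`, `app`, `fetch` and the `/frame` path are assumptions.

```python
# Added illustration; all names here are hypothetical, not WebKit or page code.
from html import escape
from wsgiref.util import setup_testing_defaults

SANDBOXED_TYPE = "text/html-sandboxed"  # content type named in the bug report
KNOWN_TOKENS = {"allow-scripts", "allow-forms", "allow-same-origin"}

# Constructed sample of untrusted markup the site wants to display.
UNTRUSTED = "<p>user content</p><script>document.title = 'ran'</script>"


def sandbox_attr(tokens):
    """Validate sandbox tokens and return the attribute value."""
    tokens = set(tokens)
    unknown = tokens - KNOWN_TOKENS
    if unknown:
        raise ValueError(f"unknown sandbox tokens: {sorted(unknown)}")
    # On same-origin content, scripts plus same-origin access let the frame
    # reach its parent and remove its own sandbox attribute, so refuse the pair.
    if {"allow-scripts", "allow-same-origin"} <= tokens:
        raise ValueError("allow-scripts with allow-same-origin defeats the sandbox")
    return " ".join(sorted(tokens))


def host_page(frame_url, tokens=("allow-scripts",)):
    """Trusted page that embeds the untrusted URL in a sandboxed iframe."""
    return (f'<!doctype html><iframe sandbox="{escape(sandbox_attr(tokens))}" '
            f'src="{escape(frame_url, quote=True)}"></iframe>')


def app(environ, start_response):
    """WSGI app: / is the trusted host page, /frame is the untrusted content."""
    if environ.get("PATH_INFO") == "/frame":
        body, ctype = UNTRUSTED, SANDBOXED_TYPE
    else:
        body, ctype = host_page("/frame"), "text/html"
    data = body.encode("utf-8")
    start_response("200 OK", [("Content-Type", f"{ctype}; charset=utf-8"),
                              ("X-Content-Type-Options", "nosniff"),
                              ("Content-Length", str(len(data)))])
    return [data]


def fetch(path):
    """Call the app in-process and return (headers dict, body text)."""
    environ, seen = {}, {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    chunks = app(environ, lambda status, headers: seen.update(headers))
    return seen, b"".join(chunks).decode("utf-8")
```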