[Webkit-unassigned] [Bug 90613] Inside a sandboxed iframe, it should be possible to create another iframe and access it

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jul 12 05:32:09 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=90613
--- Comment #7 from Bruno Michel <bruno.michel at af83.com>  2012-07-12 05:32:08 PST ---
(In reply to comment #6)

After reading the spec again, I think a solution could be to have 3 states for the sandboxed origin browsing context flag:

- explicitly set on this iframe
- inherited from the parent context
- off

The states 1 and 3 have the same behaviours as currently. For state 2, we allow iframes that are loaded locally to be on the same domain: javascript URL, data URL, about:blank and srcdoc iframes.


In <http://html.spec.whatwg.org/#origin>, it could be something like:

If a Document's active sandboxing flag set has its sandboxed origin browsing context flag explicitly set
    -> The origin is a globally unique identifier assigned when the Document is created.
    -> The effective script origin is initially an alias to the origin of the Document.

If a Document was generated from a javascript: URL
    -> The origin is an alias to the origin of the script of that javascript: URL.
    -> The effective script origin is initially an alias to the origin of the Document.

If a Document has the address "about:blank"
    -> The origin and effective script origin of the Document are those it was assigned when its browsing context was created.

If a Document is an iframe srcdoc document
    -> The origin of the Document is an alias to the origin of the Document's browsing context's browsing context container's Document.
    -> The effective script origin is initially an alias to the effective script origin of the Document's browsing context's browsing context container's Document.

If a Document has inherited a sandboxed origin browsing context flag
    -> The origin is a globally unique identifier assigned when the Document is created.
    -> The effective script origin is initially an alias to the origin of the Document.

If a Document was served over the network and has an address that uses a URL scheme with a server-based naming authority
    -> The origin is an alias to the origin of the Document's address.
    -> The effective script origin is initially an alias to the origin of the Document.

If a Document was generated from a data: URL that was returned as the location of an HTTP redirect (or equivalent in other protocols)
    -> The origin is an alias to the origin of the URL that redirected to the data: URL.
    -> The effective script origin is initially an alias to the origin of the Document.

If a Document was generated from a data: URL found in another Document or in a script
    -> The origin is an alias to the origin of the Document or script that initiated the navigation to that URL.
    -> The effective script origin is initially an alias to the effective script origin of the Document or script that initiated the navigation to that URL.

If a Document was obtained in some other manner (e.g. a data: URL typed in by the user, a Document created using the createDocument() API, etc)
    -> The origin is a globally unique identifier assigned when the Document is created.
    -> The effective script origin is initially an alias to the origin of the Document.
