[Webkit-unassigned] [Bug 106787] New: Log to console when ineffectively sandboxing same-origin content.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jan 14 05:53:59 PST 2013


https://bugs.webkit.org/show_bug.cgi?id=106787

           Summary: Log to console when ineffectively sandboxing
                    same-origin content.
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mkwst at chromium.org
            Blocks: 104141


When loading same-origin content into a sandbox with both the 'allow-same-origin' and 'allow-scripts' flags, the sandboxed content can trivially remove sandboxing restrictions by reaching up into the parent, removing the 'sandbox' attribute, and reloading itself. The spec explicitly calls this out as Something Not To Do. We should do the same via the console.

Mozilla's working on this as well, FWIW: https://bugzilla.mozilla.org/show_bug.cgi?id=752559

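Added example, not code from WebKit, the bug, or its eventual patch: the escape the report describes, written as the sandboxed child document would run it, next to the check a browser would need before logging the warning the report asks for. The function names (parseSandboxTokens, sandboxIsIneffective, escapeSandbox, makeFakeChildWindow) are illustrative, and the browser objects are replaced by a constructed stand-in so the escape path can be exercised under Node; in a real page the child would simply call escapeSandbox(window).

```javascript
// Parse the sandbox attribute as HTML spells it: whitespace-separated,
// case-insensitive tokens. null means the attribute is absent (no sandbox).
function parseSandboxTokens(attr) {
  if (attr === null || attr === undefined) return null;
  return new Set(
    String(attr).trim().split(/\s+/).filter(Boolean).map((t) => t.toLowerCase())
  );
}

// Origin = scheme + host + port, via the URL parser, so a default port
// ("https://example.com:443") compares equal to its omitted form.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// The condition worth a console warning: a sandbox is set, both
// allow-same-origin and allow-scripts are present, and the framed document
// shares the origin of the document that owns the <iframe>. Any one of the
// three missing leaves the sandbox intact.
function sandboxIsIneffective(sandboxAttr, parentUrl, childUrl) {
  const tokens = parseSandboxTokens(sandboxAttr);
  if (tokens === null) return false;
  return (
    tokens.has('allow-same-origin') &&
    tokens.has('allow-scripts') &&
    sameOrigin(parentUrl, childUrl)
  );
}

// The escape, from the child's point of view. `win` is the child's window.
// window.frameElement is the child's own <iframe> in the parent document and is
// null when the two are not same-origin (which is exactly what omitting
// allow-same-origin causes, since the child then gets an opaque origin).
// window.parent.document.querySelector('iframe') would work the same way.
// Returns true when the attribute was removed and a reload requested.
function escapeSandbox(win) {
  const frame = win.frameElement;
  if (!frame || !frame.hasAttribute('sandbox')) return false;
  frame.removeAttribute('sandbox'); // reach up into the parent and strip the sandbox
  win.location.reload();            // the reload lands in an unsandboxed frame
  return true;
}

// Constructed stand-in for the browser objects (not a real DOM), so the escape
// can be run and checked outside a browser. `sameOriginAsParent` models whether
// frameElement is reachable.
function makeFakeChildWindow(sandboxAttr, sameOriginAsParent) {
  const attrs = new Map();
  if (sandboxAttr !== null && sandboxAttr !== undefined) attrs.set('sandbox', sandboxAttr);
  const frameElement = {
    hasAttribute: (n) => attrs.has(n),
    getAttribute: (n) => (attrs.has(n) ? attrs.get(n) : null),
    removeAttribute: (n) => { attrs.delete(n); },
  };
  let reloads = 0;
  return {
    frameElement: sameOriginAsParent ? frameElement : null,
    location: { reload: () => { reloads += 1; } },
    frame: frameElement,           // exposed so a caller can inspect the attribute
    reloadCount: () => reloads,
  };
}

// Stand-alone run: the ineffective combination is flagged and escaped, the
// cross-origin case is not.
const parent = 'https://example.com/host.html';
const child = 'https://example.com/framed.html';
const attr = 'allow-same-origin allow-scripts';
if (sandboxIsIneffective(attr, parent, child)) {
  console.warn(`An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing (${parent} framing ${child}).`);
}
const w = makeFakeChildWindow(attr, true);
console.log('escaped:', escapeSandbox(w), 'sandbox attr now:', w.frame.getAttribute('sandbox'));
```

The same-origin test has to be made against the document that owns the <iframe>, not merely the top-level page: a same-origin frame nested inside a cross-origin one cannot reach frameElement either, so the warning is only accurate at the parent/child boundary.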