[Webkit-unassigned] [Bug 158875] New: Add flags allow-popups-to-escape-sandbox and allow-modals to iframe sandbox
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jun 17 08:52:32 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=158875
Bug ID: 158875
Summary: Add flags allow-popups-to-escape-sandbox and
allow-modals to iframe sandbox
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: All
OS: All
Status: NEW
Severity: Critical
Priority: P2
Component: Layout and Rendering
Assignee: webkit-unassigned at lists.webkit.org
Reporter: lubin2010 at gmail.com
CC: simon.fraser at apple.com
There have been some improvements proposed to iframe sandbox:
https://wiki.whatwg.org/wiki/Iframe_sandbox_improvments
https://html.spec.whatwg.org/multipage/browsers.html#attr-iframe-sandbox-allow-popups-to-escape-sandbox
https://html.spec.whatwg.org/multipage/browsers.html#attr-iframe-sandbox-allow-modals
The reasoning behind these improvements is to make iframe sandbox usable for framed unsafe content (e.g., advertisements) and to disallow modal dialogs by default in sandboxed iframe:
allow-popups-to-escape-sandbox: With this flag, if a user interacts with an ad and clicks on it, it should be able to open up the ads landing page as a top level page in a new tab without being sandboxed.
allow-modals: The content inside sandboxed iframe should not be able to open modal dialogs unless this flag is specified.
Both Chrome and Firefox are supporting the new attributes now:
https://googlechrome.github.io/samples/allow-popups-to-escape-sandbox/index.html
https://googlechrome.github.io/samples/block-modal-dialogs-sandboxed-iframe/
https://bugzilla.mozilla.org/show_bug.cgi?id=1190641
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160617/f3fa6e10/attachment.html>
More information about the webkit-unassigned
mailing list