[Webkit-unassigned] [Bug 158875] Add flags allow-popups-to-escape-sandbox and allow-modals to iframe sandbox
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jun 20 17:14:38 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=158875
--- Comment #2 from John Wilander <wilander at apple.com> ---
I don't remember if it's part of the spec but we should make sure the call to confirm() returns false if the call was blocked by the sandbox. Doing so provides a safe fallback if an iframe's code is denied to ask the user for confirmation.
Otherwise "allow-modals" will allow an attacker to grant JavaScript execution but block a confirm prompt. A benign service might want to allow iframe integration but do what it can to prohibit clickjacking. Knowing whether you were able to display a confirmation UI may be crucial.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160621/0d83a28b/attachment.html>
More information about the webkit-unassigned
mailing list