[Webkit-unassigned] [Bug 171327] New: Add attribute allow-top-navigation-by-user-activation to iframe sandbox
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Apr 26 09:12:35 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=171327
Bug ID: 171327
Summary: Add attribute allow-top-navigation-by-user-activation
to iframe sandbox
Product: WebKit
Version: WebKit Nightly Build
Hardware: All
OS: All
Status: NEW
Severity: Critical
Priority: P2
Component: Frames
Assignee: webkit-unassigned at lists.webkit.org
Reporter: binlu at chromium.org
CC: binlu at chromium.org, fred.wang at free.fr,
mkwst at chromium.org, ojan at chromium.org
There is a new attribute proposed to iframe sandbox:
https://html.spec.whatwg.org/multipage/browsers.html#attr-iframe-sandbox-allow-top-navigation-by-user-activation
This is a follow-up work of:
https://bugs.webkit.org/show_bug.cgi?id=158875
https://bugs.webkit.org/show_bug.cgi?id=171321
The new attribute requires a user activation (or gesture) being processed to trigger a top-level navigation. This change would enable more use cases of sandboxing untrusted third-party contents (eg., ads) by allowing top navigation while blocking malicious auto-redirecting, and thus help building a safer internet (eg., a safer ads ecosystem in which all ads could be sandboxed to prevent unexpected malicious behaviors like plugin exploits, auto-redirects, file downloading, modal dialogs, etc).
Demo link (Available in Chrome 58+):
http://w3c-test.org/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation-manual.html
For more context:
https://github.com/w3ctag/design-reviews/issues/154
https://github.com/WICG/interventions/issues/42
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170426/c24979a7/attachment.html>
More information about the webkit-unassigned
mailing list