[Webkit-unassigned] [Bug 171327] New: Add attribute allow-top-navigation-by-user-activation to iframe sandbox

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Apr 26 09:12:35 PDT 2017


            Bug ID: 171327
           Summary: Add attribute allow-top-navigation-by-user-activation
                    to iframe sandbox
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: All
                OS: All
            Status: NEW
          Severity: Critical
          Priority: P2
         Component: Frames
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: binlu at chromium.org
                CC: binlu at chromium.org, fred.wang at free.fr,
                    mkwst at chromium.org, ojan at chromium.org

There is a new attribute proposed to iframe sandbox:

This is a follow-up work of:

The new attribute requires a user activation (or gesture) being processed to trigger a top-level navigation. This change would enable more use cases of sandboxing untrusted third-party contents (eg., ads) by allowing top navigation while blocking malicious auto-redirecting, and thus help building a safer internet (eg., a safer ads ecosystem in which all ads could be sandboxed to prevent unexpected malicious behaviors like plugin exploits, auto-redirects, file downloading, modal dialogs, etc). 

Demo link (Available in Chrome 58+):

For more context:

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170426/c24979a7/attachment.html>

More information about the webkit-unassigned mailing list