[Webkit-unassigned] [Bug 182248] New: Supporting allow-top-navigation-by-user-activation to iframe sandbox
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jan 29 09:20:53 PST 2018
https://bugs.webkit.org/show_bug.cgi?id=182248
Bug ID: 182248
Summary: Supporting allow-top-navigation-by-user-activation to
iframe sandbox
Product: WebKit
Version: Safari Technology Preview
Hardware: All
OS: All
Status: NEW
Severity: Major
Priority: P2
Component: Frames
Assignee: webkit-unassigned at lists.webkit.org
Reporter: derek.nicol at cbsinteractive.com
There is an existing bug that was marked Resolved Fixed for this but in testing it doesn't look like this is working in any of the latest Safari Technology Preview and Stable builds for macos and ios. We've successfully tested this in Chrome and Opera.
Original Bug
https://bugs.webkit.org/show_bug.cgi?id=171327
We see it working in the following browsers
Chrome for desktop release 58
Chrome for Android release 58
Android WebView release 58
Opera release 45
Opera for Android release 45
Our Test Page for blocking a timed redirect which is what these malware/fraudster use in ad code.
http://rev.cbsi.com/corey/test/iframe/redirect/sandbox_allow-top-nav-by-user.html
We have the allow-top-navigation-by-user-activation enabled.
I marked this bug as major but this is increasingly becoming more and more feature needed to help combat the spread of malware/fraud. A good write up on the problem https://blog.confiant.com/uncovering-2017s-largest-malvertising-operation-b84cd38d6b85
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180129/9e25bae8/attachment.html>
More information about the webkit-unassigned
mailing list