[Webkit-unassigned] [Bug 182248] New: Supporting allow-top-navigation-by-user-activation to iframe sandbox

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jan 29 09:20:53 PST 2018


https://bugs.webkit.org/show_bug.cgi?id=182248

            Bug ID: 182248
           Summary: Supporting allow-top-navigation-by-user-activation to
                    iframe sandbox
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: All
                OS: All
            Status: NEW
          Severity: Major
          Priority: P2
         Component: Frames
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: derek.nicol at cbsinteractive.com

There is an existing bug that was marked Resolved Fixed for this, but in testing it doesn't look like this is working in any of the latest Safari Technology Preview and Stable builds for macOS and iOS. We've successfully tested this in Chrome and Opera.

Original Bug
https://bugs.webkit.org/show_bug.cgi?id=171327


We see it working in the following browsers:
Chrome for desktop release 58
Chrome for Android release 58
Android WebView release 58
Opera release 45
Opera for Android release 45

Our test page for blocking a timed redirect, which is what these malware/fraudsters use in ad code:

http://rev.cbsi.com/corey/test/iframe/redirect/sandbox_allow-top-nav-by-user.html

We have the allow-top-navigation-by-user-activation enabled.

I marked this bug as major, but this is increasingly becoming a more and more needed feature to help combat the spread of malware/fraud. A good write-up on the problem: https://blog.confiant.com/uncovering-2017s-largest-malvertising-operation-b84cd38d6b85

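The sandbox behaviour this report asks for, as an added example that is not part of the original report or of WebKit's code: a simplified model of how the two top-navigation sandbox tokens gate a timed redirect versus a user click, including the case where a browser does not recognise the newer token and ignores it. The function names and the two browser profiles are hypothetical and constructed for illustration; the model does not cover other sandbox flags such as `allow-scripts`.

```javascript
// Added example: models how iframe sandbox tokens gate top-level navigation.
// Token names are the HTML sandbox keywords; function names are hypothetical.
const TOP_NAV = "allow-top-navigation";
const TOP_NAV_USER = "allow-top-navigation-by-user-activation";

// Split a sandbox attribute value into its lowercase token set.
// null/undefined means the iframe has no sandbox attribute at all.
function parseSandbox(attr) {
  if (attr === null || attr === undefined) return null;
  return new Set(attr.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
}

// Decide whether framed content may navigate the top-level page.
// `supported` lists the tokens the browser understands; unknown tokens are ignored.
function topNavigationAllowed(attr, userActivated, supported) {
  const tokens = parseSandbox(attr);
  if (tokens === null) return true;            // unsandboxed: no restriction
  const has = (t) => tokens.has(t) && supported.has(t);
  if (has(TOP_NAV)) return true;               // unconditional: timed redirects pass
  if (has(TOP_NAV_USER)) return userActivated; // only during a user gesture
  return false;                                // sandboxed, no usable top-nav token
}

// Report what a sandbox value means for a scripted (timed) redirect and for a click.
function auditAdFrame(attr, supported) {
  return {
    timedRedirect: topNavigationAllowed(attr, false, supported),
    userClick: topNavigationAllowed(attr, true, supported),
  };
}

// Constructed browser profiles: one that knows the newer token, one that does not.
const WITH_TOKEN = new Set([TOP_NAV, TOP_NAV_USER, "allow-scripts"]);
const WITHOUT_TOKEN = new Set([TOP_NAV, "allow-scripts"]);

// Constructed sample sandbox value for an ad iframe.
const SAMPLE = "allow-scripts allow-top-navigation-by-user-activation";

console.log("token supported:  ", auditAdFrame(SAMPLE, WITH_TOKEN));
console.log("token unsupported:", auditAdFrame(SAMPLE, WITHOUT_TOKEN));
console.log("unconditional:    ", auditAdFrame("allow-scripts allow-top-navigation", WITH_TOKEN));
```

In a page, the `supported` set can be built from feature detection with `document.createElement("iframe").sandbox.supports(token)`.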