[Webkit-unassigned] [Bug 231727] New: New spec: Block external protocol handler with sandbox.

Thu Oct 14 01:51:12 PDT 2021

https://bugs.webkit.org/show_bug.cgi?id=231727

            Bug ID: 231727
           Summary: New spec: Block external protocol handler with
                    sandbox.
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: DOM
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: arthursonzogni at chromium.org

Implementation bug about a new specification:
spec: https://github.com/whatwg/html/pull/7124#pullrequestreview-778826909
whatwg/html bug: https://github.com/whatwg/html/issues/2191

Developers are surprised that sandboxed iframe can navigate and/or
redirect the user toward an external application.

General iframe navigation in the sandboxed iframe are not blocked
normally, because they stay within the iframe. However they can be seen
as a popup or a top-level navigation when it opens an external
application. In this case, it makes sense to extend the scope of sandbox
flags, and block malvertisers.

This feature gates access to external protocol from sandboxed iframe behind any of:
- allow-popup
- allow-top-level-navigation
- allow-top-level-navigation-by-user-activation + UserGesture.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211014/9ddc44d6/attachment.htm>