[Webkit-unassigned] [Bug 231727] New: New spec: Block external protocol handler with sandbox.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Oct 14 01:51:12 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=231727
Bug ID: 231727
Summary: New spec: Block external protocol handler with
sandbox.
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: DOM
Assignee: webkit-unassigned at lists.webkit.org
Reporter: arthursonzogni at chromium.org
Implementation bug about a new specification:
spec: https://github.com/whatwg/html/pull/7124#pullrequestreview-778826909
whatwg/html bug: https://github.com/whatwg/html/issues/2191
Developers are surprised that sandboxed iframe can navigate and/or
redirect the user toward an external application.
General iframe navigation in the sandboxed iframe are not blocked
normally, because they stay within the iframe. However they can be seen
as a popup or a top-level navigation when it opens an external
application. In this case, it makes sense to extend the scope of sandbox
flags, and block malvertisers.
This feature gates access to external protocol from sandboxed iframe behind any of:
- allow-popup
- allow-top-level-navigation
- allow-top-level-navigation-by-user-activation + UserGesture.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211014/9ddc44d6/attachment.htm>
More information about the webkit-unassigned
mailing list