Status: Fixed
Owner:
Closed: Oct 2015
OS: All
Pri: 2
Type: Launch-OWP
Block dialogs ('alert()', 'confirm()', 'prompt()', 'print()') inside sandboxed documents.
Project Member Reported by mkwst@chromium.org, May 1 2015
Folks who care about blocking malvertising are interested in locking down `sandbox` a bit more with regard to dialog prompts. This seems like a pretty reasonable thing to do (as discussed briefly at https://lists.w3.org/Archives/Public/public-whatwg-archive/2014May/0002.html).
 
Project Member Comment 1 by bugdroid1@chromium.org, May 4 2015
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=194873

------------------------------------------------------------------
r194873 | mkwst@chromium.org | 2015-05-04T16:41:27.182055Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/UseCounter.h?r1=194873&r2=194872&pathrev=194873
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/LocalDOMWindow.cpp?r1=194873&r2=194872&pathrev=194873

Add metrics for dialogs triggered inside sandboxed documents.

BUG= 483624 

Review URL: https://codereview.chromium.org/1121053002
-----------------------------------------------------------------
Project Member Comment 2 by bugdroid1@chromium.org, May 22 2015
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=195791

------------------------------------------------------------------
r195791 | mkwst@chromium.org | 2015-05-22T15:32:01.538764Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control-expected.txt?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-name-denied.html?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/xss-DENIED-window-name-alert-expected.txt?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control.html?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/no-indexeddb-from-sandbox-expected.txt?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/SandboxFlags.cpp?r1=195791&r2=195790&pathrev=195791
   D http://src.chromium.org/viewvc/blink/trunk/LayoutTests/fast/frames/resources/navigate-top-by-name-to-fail.html?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters-expected.txt?r1=195791&r2=195790&pathrev=195791
   A http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/sandbox-iframe-allows-modals.html?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/fast/forms/autofocus-in-sandbox-with-allow-scripts.html?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/resources/drag-drop-allowed.html?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts.html?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/fast/frames/sandboxed-iframe-scripting-02-expected.txt?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-subframe.html?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/no-popup-from-sandbox-expected.txt?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/no-popup-from-sandbox-top-expected.txt?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/fast/frames/sandboxed-iframe-workers.html?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/Source/web/AssertMatchingEnums.cpp?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/xss-DENIED-window-name-navigator-expected.txt?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/xss-DENIED-window-name-alert.html?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/no-indexeddb-from-sandbox.html?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/isolatedWorld/sandboxed-iframe-expected.txt?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters.html?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/isolatedWorld/resources/fail.html?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-expected.txt?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/drag-drop-same-unique-origin-expected.txt?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/fast/frames/sandboxed-iframe-scripting-02.html?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/no-popup-from-sandbox.html?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/no-popup-from-sandbox-top.html?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/sandboxed-eval.php?r1=195791&r2=195790&pathrev=195791
   D http://src.chromium.org/viewvc/blink/trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-name-denied-expected.txt?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/sandbox.php?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/SandboxFlags.h?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/xss-DENIED-window-name-navigator.html?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control-expected.txt?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-report-only-expected.txt?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/isolatedWorld/sandboxed-iframe.html?r1=195791&r2=195790&pathrev=195791
   A http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/sandbox-iframe-allows-modals-expected.txt?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/fast/forms/autofocus-in-sandbox-with-allow-scripts-expected.txt?r1=195791&r2=195790&pathrev=195791
   A http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/sandbox-iframe-blocks-modals.html?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header.html?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/LocalDOMWindow.cpp?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/Source/platform/RuntimeEnabledFeatures.in?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-expected.txt?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/contentSecurityPolicy/iframe-inside-csp-expected.txt?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-subframe-expected.txt?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/fast/frames/sandboxed-iframe-workers-expected.txt?r1=195791&r2=195790&pathrev=195791
   M http://src.chromium.org/viewvc/blink/trunk/public/web/WebSandboxFlags.h?r1=195791&r2=195790&pathrev=195791

Block modal dialogs inside sandboxes.

This patch adds a runtime flag to block modal dialogs inside sandboxed
documents, and a corresponding `allow-modals` sandbox flag to re-enable
that functionality.

Intent to Implement at [1], discussion on whatwg@ at [2].

[1]: https://groups.google.com/a/chromium.org/d/msg/blink-dev/mXX0AO6Lioo/ual1B_3IqTYJ
[2]: https://lists.w3.org/Archives/Public/public-whatwg-archive/2015May/0035.html

BUG= 483624 
R=dcheng@chromium.org

Review URL: https://codereview.chromium.org/1126253007
-----------------------------------------------------------------
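The rule that commit message describes, modelled as an added example; it is not part of the original thread and is not Chromium's code. It treats a document as unable to open `alert()`, `confirm()`, `prompt()` or `print()` when it is sandboxed (by an iframe `sandbox` attribute or a CSP `sandbox` directive) without the `allow-modals` token. The function names and the sample frames are hypothetical and constructed for illustration.

```javascript
// Added example, not Chromium code. Function names are hypothetical.
const MODAL_APIS = ["alert()", "confirm()", "prompt()", "print()"];
const ASCII_WS = /[ \t\n\f\r]+/;

// Sandbox tokens are space-separated and ASCII case-insensitive.
function parseSandboxTokens(value) {
  return new Set(value.split(ASCII_WS).filter(Boolean).map((t) => t.toLowerCase()));
}

// sandboxValue: null => document is not sandboxed; any string ("" included) => sandboxed.
function modalPolicy(sandboxValue) {
  if (sandboxValue === null || sandboxValue === undefined) {
    return { sandboxed: false, scriptsAllowed: true, modalsAllowed: true, blocked: [] };
  }
  const tokens = parseSandboxTokens(sandboxValue);
  const modalsAllowed = tokens.has("allow-modals");
  return {
    sandboxed: true,
    scriptsAllowed: tokens.has("allow-scripts"),
    modalsAllowed,
    blocked: modalsAllowed ? [] : [...MODAL_APIS],
  };
}

// Pull the `sandbox` directive out of a Content-Security-Policy header value.
function sandboxFromCsp(headerValue) {
  for (const directive of headerValue.split(";")) {
    const [name, ...tokens] = directive.trim().split(ASCII_WS);
    if (name.toLowerCase() === "sandbox") return tokens.join(" ");
  }
  return null; // no sandbox directive: the header does not sandbox the document
}

// Names of frames whose script can still open a dialog (scripts and modals both allowed).
function framesThatCanPrompt(frames) {
  return frames
    .filter((f) => { const p = modalPolicy(f.sandbox); return p.scriptsAllowed && p.modalsAllowed; })
    .map((f) => f.name);
}

// Constructed sample embeds (not from the issue).
const SAMPLE_FRAMES = [
  { name: "ad-slot", sandbox: "allow-scripts allow-same-origin" },
  { name: "widget", sandbox: "allow-scripts\tALLOW-MODALS" },
  { name: "static-preview", sandbox: "" },
  { name: "legacy-embed", sandbox: null },
  { name: "csp-page", sandbox: sandboxFromCsp("default-src 'self'; sandbox allow-scripts") },
];
console.log(framesThatCanPrompt(SAMPLE_FRAMES));
```

Run over an inventory of embeds, this lists the frames that would still be able to raise a dialog after the change, which is the set worth reviewing when third-party content is involved.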
Project Member Comment 3 by bugdroid1@chromium.org, May 26 2015
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/17d29fe84dc5e4645bd38e92d86ee3dd2bc47875

commit 17d29fe84dc5e4645bd38e92d86ee3dd2bc47875
Author: mkwst <mkwst@chromium.org>
Date: Tue May 26 11:16:05 2015

Updating sandbox flags after Blink-side changes.

Blink added two sandbox flags; this patch brings //content into line.

BUG= 483624 ,  487157 

Review URL: https://codereview.chromium.org/1149753005

Cr-Commit-Position: refs/heads/master@{#331345}

[modify] http://crrev.com/17d29fe84dc5e4645bd38e92d86ee3dd2bc47875/content/common/frame_replication_state.h
[modify] http://crrev.com/17d29fe84dc5e4645bd38e92d86ee3dd2bc47875/content/renderer/render_frame_impl.cc

Project Member Comment 4 by bugdroid1@chromium.org, Jun 17 2015
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=197257

------------------------------------------------------------------
r197257 | mkwst@chromium.org | 2015-06-17T13:05:28.959507Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/LocalDOMWindow.cpp?r1=197257&r2=197256&pathrev=197257

Add console messages when modals are suppressed due to sandboxing.

BUG= 483624 
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1191903002
-----------------------------------------------------------------
Project Member Comment 5 by bugdroid1@chromium.org, Jul 16 2015
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=199016

------------------------------------------------------------------
r199016 | mkwst@chromium.org | 2015-07-16T08:19:06.596815Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/Source/platform/RuntimeEnabledFeatures.in?r1=199016&r2=199015&pathrev=199016

Ship sandbox changes.

This patch enables the two changes specified at [1]: 'allow-modals', and
'allow-popups-to-escape-sandbox'.

Intent to ship: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/wXbgxLu63Fo

[1]: https://wiki.whatwg.org/index.php?title=Iframe_sandbox_improvments

BUG= 487157 , 483624 
R=jochen@chromium.org

Review URL: https://codereview.chromium.org/1238793004
-----------------------------------------------------------------
Comment 6 by mkwst@chromium.org, Oct 6 2015
Status: Fixed
Comment 7 by dbeam@chromium.org, Jun 24 2016
FYI: this broke the bookmark manager's ability to show 15+ bookmarks at once as it talks asynchronously to bookmarksPrivate and tries to confirm() AFTER that's done.
Why does the bookmark manager use confirm() instead of a <dialog>?