
Issue 658985


Issue metadata

Status: Started
Owner:
Buried. Ping if important.
OS: Mac
Pri: 3
Type: Bug




execCommand('print') lets pages bypass sandboxed iframe blocking of window.print

Reported by bzbar...@mit.edu, Oct 25 2016

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Firefox/52.0

Example URL:

Steps to reproduce the problem:
1. Load the following page:

  <iframe srcdoc="<input type='button' value='click me to try to print'
                  onclick='document.execCommand(&quot;print&quot;, false, null);'>"
          sandbox="allow-scripts"></iframe>

2.  Click the button in the iframe.

What is the expected behavior?
The print dialog is blocked just like it would be for window.print(), because allow-modals is not specified in the sandbox flags.

What went wrong?
There was a modal print dialog even though the subframe was explicitly sandboxed without allow-modals.

Does it occur on multiple sites: Yes

Is it a problem with a plugin? No 

Did this work before? No 

Does this work in other browsers? N/A

Chrome version: 56.0.2897.0 (Official Build) dev (64-bit)  Channel: dev
OS Version: OS X 10.10
Flash Version:
 

Comment 1 by mkwst@chromium.org, Oct 25 2016

Owner: mkwst@chromium.org
Status: Started (was: Unconfirmed)
I learn something new every day... Thanks!

https://codereview.chromium.org/2448833003 is out for review.
Components: -Blink Blink>Editing

Comment 3 by bugdroid1@chromium.org, Oct 26 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6a616686e564d5cac7d25b61070b5031a818df8d

commit 6a616686e564d5cac7d25b61070b5031a818df8d
Author: mkwst <mkwst@chromium.org>
Date: Wed Oct 26 10:47:55 2016

Sandbox should prevent 'execCommand("print", ...)'.

Unless 'allow-modals' is present, 'sandbox' should prevent modal dialogs,
including the print dialog popped up from 'execCommand("print", ...)'.
The existing code doesn't handle this case; this patch moves the sandbox
check up to 'ChromeClient::print()', which handles both 'print()' and
'execCommand("print", ...'.

BUG=658985
R=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2448833003
Cr-Commit-Position: refs/heads/master@{#427664}

[modify] https://crrev.com/6a616686e564d5cac7d25b61070b5031a818df8d/third_party/WebKit/LayoutTests/http/tests/security/sandbox-iframe-blocks-modals.php
[modify] https://crrev.com/6a616686e564d5cac7d25b61070b5031a818df8d/third_party/WebKit/Source/core/editing/commands/EditorCommand.cpp
[modify] https://crrev.com/6a616686e564d5cac7d25b61070b5031a818df8d/third_party/WebKit/Source/core/frame/LocalDOMWindow.cpp
[modify] https://crrev.com/6a616686e564d5cac7d25b61070b5031a818df8d/third_party/WebKit/Source/core/page/ChromeClient.cpp
[modify] https://crrev.com/6a616686e564d5cac7d25b61070b5031a818df8d/third_party/WebKit/Source/core/page/ChromeClient.h
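
The commit message above describes moving the sandbox check to a point that both print paths share. The following is an added illustration, not Blink code and not part of the original thread: a simplified JavaScript model, with hypothetical function names, showing that a check placed in only one entry point leaves the other open, while a check in the shared client covers both.

```javascript
// Added illustration: a simplified model, not Blink source. All names are hypothetical.
// Parse an iframe sandbox attribute into its set of tokens (null = not sandboxed).
function parseSandbox(attr) {
  if (attr === null || attr === undefined) return null;
  return new Set(attr.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
}

// True when the frame is sandboxed and "allow-modals" is absent.
function modalsBlocked(tokens) {
  return tokens !== null && !tokens.has('allow-modals');
}

// Build a frame whose two print entry points reach a shared client.
// checkAt = 'entry' : only windowPrint() checks the flag (shape before the fix).
// checkAt = 'client': the shared client checks it (shape after the fix).
function makeFrame(sandboxAttr, checkAt) {
  const tokens = parseSandbox(sandboxAttr);
  const dialogs = []; // records each print dialog that would have opened
  const client = {
    print(source) {
      if (checkAt === 'client' && modalsBlocked(tokens)) return false;
      dialogs.push(source);
      return true;
    },
  };
  return {
    dialogs,
    windowPrint() {
      if (checkAt === 'entry' && modalsBlocked(tokens)) return false;
      return client.print('window.print');
    },
    execCommand(name) {
      // No check of its own: it relies on whatever the client enforces.
      if (String(name).toLowerCase() !== 'print') return false;
      return client.print('execCommand');
    },
  };
}

// Exercise both entry points for one sandbox value; return the dialogs opened.
function probe(sandboxAttr, checkAt) {
  const frame = makeFrame(sandboxAttr, checkAt);
  frame.windowPrint();
  frame.execCommand('print');
  return frame.dialogs;
}

console.log(probe('allow-scripts', 'entry'), probe('allow-scripts', 'client'));
```

A regression test for this class of bug should exercise every entry point that can raise the dialog, with and without allow-modals, rather than only the one that was originally guarded.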

Comment 4 by fw...@igalia.com, Jul 25 2017

I guess this bug can be closed after https://codereview.chromium.org/2448833003 ?

Comment 5 by yosin@chromium.org, Oct 4 2017

Labels: Pri-3
Components: Blink>Editing>Command
