
Issue 687059


Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug




Should navigation in popup be blocked from iframe with sandbox="allow-scripts allow-popups"?

Project Member Reported by zcorpan@gmail.com, Jan 31 2017

Issue description

sandbox="allow-popups-to-escape-sandbox" was added to HTML standard in https://github.com/whatwg/html/pull/14

Some tests were added to wpt in https://github.com/w3c/web-platform-tests/pull/3905

This test gives interesting results:

http://web-platform.test:8000/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping-3.html

The iframe opens an about:blank popup and tries to navigate it, which throws in Chrome/56.0.2924.59 but succeeds in 58.0.2997.0 canary and Gecko. I have not tried to follow exactly what the standard requires here, so not sure which behavior is correct. Please investigate. :-)

(This seems related to https://bugs.chromium.org/p/chromium/issues/detail?id=577330 but not quite since the test here just uses sandbox="allow-scripts allow-popups".)
 

Comment 1 by mkwst@chromium.org, Feb 23 2017

Labels: Sandbox
Status: Available (was: Untriaged)
Yeah, this is a bug. It's not related to `allow-popups-to-escape-sandbox`, we're just doing the wrong thing with the popup. The absence of `allow-top-navigation` should prevent the sandboxed frame from accessing its top-level browsing context, but not a window that it was explicitly allowed to create.
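
The behaviour described in Comment 1, as an added example that is not part of the original thread and is neither Chromium's code nor the standard's algorithm: a simplified model of which windows a sandboxed iframe may navigate. The context objects and the function names `makeContext`, `openPopup` and `sandboxAllowsNavigation` are assumptions made for illustration, and origin checks are left out.

```javascript
// Added example: simplified model, not Chromium's code or the standard's algorithm.
// A context is { name, parent, opener, tokens }; tokens === null means unsandboxed.
function makeContext(name, { parent = null, opener = null, sandbox = null } = {}) {
  const tokens = sandbox === null ? null
    : new Set(sandbox.toLowerCase().split(/\s+/).filter(Boolean));
  return { name, parent, opener, tokens };
}

function topOf(ctx) {
  while (ctx.parent) ctx = ctx.parent;
  return ctx;
}

function isSelfOrDescendant(source, target) {
  for (let c = target; c; c = c.parent) if (c === source) return true;
  return false;
}

// window.open() from `source`: blocked without allow-popups; the popup keeps the
// opener's sandbox unless allow-popups-to-escape-sandbox is present.
function openPopup(source, name) {
  const t = source.tokens;
  if (t && !t.has('allow-popups')) return null;
  const popup = makeContext(name, { opener: source });
  popup.tokens = t && !t.has('allow-popups-to-escape-sandbox') ? new Set(t) : null;
  return popup;
}

// Sandbox restrictions only; same-origin checks are out of scope here.
function sandboxAllowsNavigation(source, target) {
  if (source.tokens === null) return true;               // not sandboxed
  if (isSelfOrDescendant(source, target)) return true;   // itself or nested frames
  if (target === topOf(source))                          // its own top-level window
    return source.tokens.has('allow-top-navigation');
  if (target.parent === null && target.opener === source)
    return true;                                         // popup it was allowed to create
  return false;                                          // any other browsing context
}

// Constructed scenario mirroring the test page in the report.
const topWindow = makeContext('top');
const frame = makeContext('iframe', { parent: topWindow, sandbox: 'allow-scripts allow-popups' });
const popup = openPopup(frame, 'about:blank popup');
const otherWindow = makeContext('unrelated window');
console.log('navigate own popup:', sandboxAllowsNavigation(frame, popup));
console.log('navigate top-level:', sandboxAllowsNavigation(frame, topWindow));
console.log('navigate unrelated window:', sandboxAllowsNavigation(frame, otherWindow));
```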

Comment 2 by est...@chromium.org, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt

Comment 3 by est...@chromium.org, Feb 18 2018

Labels: -Hotlist-EnamelAndFriendsFixIt