
Issue 722782


Issue metadata

Status: WontFix
Owner: ----
Closed: May 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Security




AncestorOrigins has access to top even in sandbox without allow-same-origin

Reported by s.h.h.n....@gmail.com, May 16 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36

Steps to reproduce the problem:
1. Go to https://vuln.shhnjk.com/sandbox.php?url=//test.shhnjk.com/ancestorOrigins.html&s=allow-scripts%20allow-modals
2. Top window's origin would be alerted.

What is the expected behavior?
No access should be granted when using iframe sandbox (at least for the one without allow-same-origin)

What went wrong?
Maybe add in spec of ancestorOrigins that it should block accessing top URL if sandboxed.

Did this work before? N/A 

Chrome version: 58.0.3029.110  Channel: stable
OS Version: 10.0
Flash Version:
 
Cc: mkwst@chromium.org
Components: Blink>SecurityFeature>IFrameSandbox
I wouldn't expect a Sandbox to prevent read access here. This sounds like a spec issue variant of Issue 722448.
Labels: -Restrict-View-SecurityTeam
Status: WontFix (was: Unconfirmed)
https://w3c.github.io/html/browsers.html#dom-location-ancestororigins does not suggest that sandboxing should have any impact on the list of ancestors returned.

If you believe the spec is wrong, please consider filing an issue on the spec here: https://github.com/w3c/html/issues/new
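
The behaviour discussed in this thread, as an added example that is not part of the original report or of Chromium's code: a framed document can hold an opaque origin (serialized as "null") and still read its embedder chain from `location.ancestorOrigins`. The function names, the Window-like sample objects and the `.example` hosts are assumptions constructed for illustration.

```javascript
// Added example. `win` is any Window-like object; in a real framed page you
// would call frameExposure(window). The sample objects below are constructed.

// An opaque origin serializes to the string "null". A sandboxed frame without
// allow-same-origin is one way a document ends up with one.
function hasOpaqueOrigin(win) {
  return win.origin === "null";
}

// location.ancestorOrigins lists ancestor origins from the direct parent
// outward to the top-level document. Returns null where the API is missing.
function ancestorOriginList(win) {
  const list = win.location && win.location.ancestorOrigins;
  return list ? Array.from(list) : null;
}

function frameExposure(win) {
  const ancestors = ancestorOriginList(win);
  const opaque = hasOpaqueOrigin(win);
  const top = ancestors && ancestors.length ? ancestors[ancestors.length - 1] : null;
  return {
    opaqueOrigin: opaque,
    ancestors,
    topOrigin: top,
    // The situation in this issue: own origin is isolated, embedders are not hidden.
    embedderVisibleWithOpaqueOrigin: opaque && top !== null,
  };
}

// Constructed samples (hypothetical hosts), not captured from the reported page.
const sandboxedFrame = {
  origin: "null",
  location: { ancestorOrigins: ["https://embedder.example"] },
};
const nestedSandboxedFrame = {
  origin: "null",
  location: { ancestorOrigins: ["https://widget.example", "https://embedder.example"] },
};
const topLevelDocument = {
  origin: "https://embedder.example",
  location: { ancestorOrigins: [] },
};
const noApiBrowser = { origin: "null", location: {} };

for (const w of [sandboxedFrame, nestedSandboxedFrame, topLevelDocument, noApiBrowser]) {
  console.log(JSON.stringify(frameExposure(w)));
}
```

Embedders should treat their origin as visible to framed content regardless of sandbox tokens, in line with the WontFix resolution above.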
