New issue
Advanced search Search tips

Issue 783930 link

Starred by 2 users
Status: Duplicate
Merged: issue 539938
Owner: ----
Closed: Nov 2017
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Feature



Sign in to add a comment

Disable content-disposition (forced file download) in iframes. May be add "allow-content-disposition" to sandbox attribute

Reported by vse...@oath.com, Nov 10 2017 
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Steps to reproduce the problem:
In the advertising world the most common issue seen is malware injected on user's computer through malicious ads. Hence, to restrict what an ad can do on a page, iframe sandbox facilitates good controls and a very helpful enhancement to have would be an attribute that can disallow forced file downloads.

What is the expected behavior?
With 

What went wrong?
This is an enhancement request for iframe sandbox.

Did this work before? N/A 

Chrome version: 61.0.3163.100  Channel: n/a
OS Version: OS X 10.12.6
Flash Version:

Comment 1 by vse...@oath.com, Nov 10 2017 

Please ignore the typo in "What is the expected behavior?". Thanks!

Comment 2 by est...@chromium.org, Nov 10 2017

Mergedinto: 539938
Status: Duplicate (was: Unconfirmed)
Thanks for the report. I do think this would be a good idea and we already have a bug on file for it.

Comment 3 by est...@chromium.org, Nov 10 2017

Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Feature

Sign in to add a comment