
Issue 830766


Issue metadata

Status: WontFix
Closed: Jul 5
OS: Linux, Android, Windows, Chrome, Mac, Fuchsia
Pri: 2
Type: Bug
Milestone: M68

Sandbox flags inheritance causes srcdoc iframes to be cross-origin to a sandboxed parent frame

Project Member Reported by iclell...@chromium.org, Apr 9 2018

Issue description

Inside of a sandboxed iframe, another frame with an "about:srcdoc" or "about:blank" src URL should be considered same-origin.

Chrome doesn't do this currently (likely because opaque origins are not considered to be same-origin with themselves).

I expect that adding a unique nonce to opaque origins should go a long way towards fixing this (see https://crbug.com/712213) but adding this behavior as a separate bug for tracking purposes.

Quoth mkwst:
> https://html.spec.whatwg.org/#same-origin says that two origins are "same origin" and "same origin-domain" if they're the same opaque origin.
>
> https://html.spec.whatwg.org/#origin:document-2 says that the origin of an iframe srcdoc document is the origin of its ~parent, and the origin of an `about:blank` document is similar.

 
Summary: Sandbox flags inheritance causes srcdoc iframes to be cross-origin to a sandboxed parent frame (was: <iframe srcdoc> does not inherit parent frame's origin when parent is sandboxed)
As discussed on the thread, this is due to sandbox flags inheritance.

Opaque origin inheritance does otherwise work correctly inside Blink itself (this can be tested by loading an HTML page with a srcdoc iframe from a data URL and verifying that the srcdoc is able to access its parent, even though it's a data URL).
Status: WontFix (was: Started)
Closing as WontFix; WAI
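The layout the issue describes, as an added test harness that is not part of the bug report or of Chromium's own tests: a sandboxed iframe (allow-scripts only, so it gets an opaque origin) whose srcdoc document contains a nested srcdoc iframe, and the nested document reports whether it can reach parent.document. It uses only standard DOM APIs; the element ids and message format are my own choices.

```html
<!DOCTYPE html>
<!-- Added harness (not from the bug report). Outer page -> sandboxed srcdoc
     frame -> nested srcdoc frame. The nested frame tries to touch its
     parent's document and relays the outcome up to this page. -->
<meta charset="utf-8">
<title>srcdoc-in-sandbox origin check</title>
<pre id="log"></pre>
<script>
  const log = (msg) => { document.getElementById('log').textContent += msg + '\n'; };

  // Nested srcdoc document: runs inside the sandboxed frame (allow-scripts is
  // inherited through sandbox flag inheritance). Reading parent.document
  // throws a SecurityError when the two documents are cross-origin.
  const inner = `<script>
    let result;
    try {
      result = 'same-origin (parent title: ' + JSON.stringify(parent.document.title) + ')';
    } catch (e) {
      result = 'cross-origin (' + e.name + ')';
    }
    // Both frames have opaque origins, so '*' is the only usable target origin.
    parent.postMessage({ who: 'nested srcdoc', result }, '*');
  <\/script>`;

  // Sandboxed parent document: forwards the nested frame's report to the top
  // page and embeds the nested srcdoc (escaped for use in an attribute value).
  const outer = `<!DOCTYPE html><title>sandboxed parent</title>
    <script>
      addEventListener('message', (e) => parent.postMessage(e.data, '*'));
    <\/script>
    <iframe srcdoc="${inner.replace(/&/g, '&amp;').replace(/"/g, '&quot;')}"></iframe>`;

  addEventListener('message', (e) => log(`${e.data.who}: ${e.data.result}`));

  const frame = document.createElement('iframe');
  frame.setAttribute('sandbox', 'allow-scripts'); // deliberately no allow-same-origin
  frame.setAttribute('srcdoc', outer);
  document.body.appendChild(frame);
</script>
```

Per the spec text quoted above, the nested document should report same-origin; a browser that assigns it a fresh opaque origin via inherited sandbox flags will log a SecurityError instead, which is the behaviour this issue records.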