
Issue 917461

Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Feature

Blocking:
issue 786673




Site Isolation should enforce that sandboxed iframes stay sandboxed

Project Member Reported by lukasza@chromium.org, Dec 21

Issue description

REPRO STEPS:

1. a.com embeds a sandboxed b.com subframe:
   <iframe sandbox src="https://b.com/subframe.html">

   With site-per-process, b.com's frame will be hosted
   in a process dedicated to b.com’s site.

2. Let’s assume that no unsandboxed frames are present in
   b.com's process.

EXPECTED BEHAVIOR: Even if b.com’s process gets compromised, it should not be able to:
     - Create new windows or dialogs
     - Load plugins
     - Submit forms
     - Navigate the parent frame
     - Lock the mouse pointer
     (this list is based on https://www.html5rocks.com/en/tutorials/security/sandboxed-iframes/)

ACTUAL BEHAVIOR: No browser-side enforcement of iframe-sandbox attributes?
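
A minimal model of the browser-side check requested above, added here as an illustration; it is not Chromium code and not part of the original report. The class, enum and function names are hypothetical, and it assumes the browser process records each frame's sandbox keywords from the embedder's markup and checks every later request from the frame's process against that record.

```cpp
// Added illustration, not Chromium code; every name here is hypothetical.
#include <cctype>
#include <iostream>
#include <map>
#include <set>
#include <sstream>
#include <string>

// Renderer requests corresponding to the list in the issue description.
enum class Request { kCreateWindow, kShowDialog, kLoadPlugin, kSubmitForm,
                     kNavigateParent, kLockPointer };

// HTML sandbox keyword that lifts each restriction. Plugins have no keyword, so
// a sandboxed frame can never load them. allow-top-navigation matches the repro
// because a.com, the parent, is also the top-level frame.
static const std::map<Request, std::string> kAllowToken = {
    {Request::kCreateWindow, "allow-popups"},
    {Request::kShowDialog, "allow-modals"},
    {Request::kSubmitForm, "allow-forms"},
    {Request::kNavigateParent, "allow-top-navigation"},
    {Request::kLockPointer, "allow-pointer-lock"}};

// Browser-process record of each frame's sandbox state, filled in from the
// embedder's markup and never updated from the sandboxed frame's own process.
class SandboxRegistry {
 public:
  void RegisterFrame(int frame_id, bool has_sandbox_attr, const std::string& value) {
    Policy p{has_sandbox_attr, {}};
    std::istringstream in(value);
    for (std::string t; in >> t;) {  // keywords are ASCII case-insensitive
      for (char& c : t) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
      p.tokens.insert(t);
    }
    frames_[frame_id] = p;
  }
  // Check a request arriving over IPC; frames the browser never saw are denied.
  bool Allow(int frame_id, Request r) const {
    auto it = frames_.find(frame_id);
    if (it == frames_.end()) return false;
    if (!it->second.sandboxed) return true;
    auto tok = kAllowToken.find(r);
    return tok != kAllowToken.end() && it->second.tokens.count(tok->second) > 0;
  }
 private:
  struct Policy { bool sandboxed; std::set<std::string> tokens; };
  std::map<int, Policy> frames_;
};

int main() {
  SandboxRegistry reg;
  reg.RegisterFrame(1, true, "");  // constructed: the b.com frame from the repro
  std::cout << "form submit allowed: " << reg.Allow(1, Request::kSubmitForm) << "\n";
}
```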
 

Comment 1 by mkwst@chromium.org, Yesterday (44 hours ago)

Labels: -Type-Bug Type-Feature
Status: Available (was: Untriaged)
https://html.spec.whatwg.org/multipage/origin.html#sandboxing is a more complete list.

Marking this as an available feature request to get it out of the triage queue. :)
