Bug 106787
| Field | Value |
|---|---|
| Summary | Log to console when ineffectively sandboxing same-origin content. |
| Product | WebKit |
| Component | WebCore Misc. |
| Reporter | Mike West <mkwst> |
| Assignee | Nobody <webkit-unassigned> |
| Status | NEW |
| Severity | Normal |
| Priority | P2 |
| Version | 528+ (Nightly build) |
| Hardware | Unspecified |
| OS | Unspecified |
| Bug Depends on | |
| Bug Blocks | 104141 |
Mike West
When loading same-origin content into a sandbox with both the 'allow-same-origin' and 'allow-scripts' flags, the sandboxed content can trivially remove sandboxing restrictions by reaching up into the parent, removing the 'sandbox' attribute, and reloading itself. The spec explicitly calls this out as Something Not To Do. We should do the same via the console.
Mozilla's working on this as well, FWIW: https://bugzilla.mozilla.org/show_bug.cgi?id=752559
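The escape described in the comment above, and the same-origin check the bug asks for, as an added JavaScript example. This is not code from the bug report or from WebKit; the function names, the warning text, and the use of serialised origin strings (such as "https://example.com") for the same-origin comparison are assumptions of this example.

```javascript
// Added example (not WebKit's code, not from the bug report): a model of the
// console check this bug asks for, plus the escape the reporter describes.

// Assumed helper: split an iframe sandbox attribute into its keyword set.
// HTML defines the value as an unordered set of unique space-separated,
// ASCII case-insensitive tokens, so normalise to lower case.
function parseSandboxTokens(sandboxValue) {
  return new Set(
    sandboxValue
      .split(/[ \t\n\f\r]+/)
      .filter((t) => t.length > 0)
      .map((t) => t.toLowerCase())
  );
}

// Assumed helper: the check the bug asks for. `sandboxValue` is the iframe's
// sandbox attribute (null when the attribute is absent; "" means fully
// sandboxed). Origins are serialised origin strings, compared exactly.
// Returns a warning message, or null when the configuration is not trivially
// escapable.
function ineffectiveSandboxWarning(sandboxValue, frameOrigin, embedderOrigin) {
  if (sandboxValue === null) return null;             // not sandboxed at all
  const tokens = parseSandboxTokens(sandboxValue);
  if (!tokens.has('allow-scripts')) return null;      // no script, so nothing can reach up
  if (!tokens.has('allow-same-origin')) return null;  // opaque origin: the parent is cross-origin
  if (frameOrigin !== embedderOrigin) return null;    // real origin, but still cross-origin to the parent
  return 'sandbox="' + sandboxValue + '" is ineffective: same-origin content with ' +
         'allow-scripts and allow-same-origin can remove its own sandbox attribute.';
}

// The escape the reporter describes, as the sandboxed document would run it.
// Browser-only: `win` is the sandboxed frame's window. With allow-same-origin
// the frame keeps its real origin, so when the embedder is same-origin,
// win.frameElement (the embedder's <iframe>) is reachable and writable;
// cross-origin, frameElement is null and the escape fails.
function escapeSandbox(win) {
  const frame = win.frameElement;
  if (frame === null) return false;   // cross-origin embedder, or no embedder at all
  frame.removeAttribute('sandbox');   // strip every restriction from the embedder's <iframe>
  win.location.reload();              // the next load of this document is unsandboxed
  return true;
}

// Browser-only audit an embedder can run over its own document (assumed
// helper). The frame's src URL stands in for its eventual origin; a redirect or
// srcdoc can change that, which is why the engine should check at load time,
// when the frame's real origin is known.
function auditIframes(doc) {
  const embedderOrigin = new URL(doc.baseURI).origin;
  const findings = [];
  for (const iframe of doc.querySelectorAll('iframe[sandbox]')) {
    // An empty src (about:blank) inherits the embedder's origin.
    const frameOrigin = new URL(iframe.src || doc.baseURI, doc.baseURI).origin;
    const warning = ineffectiveSandboxWarning(
      iframe.getAttribute('sandbox'), frameOrigin, embedderOrigin);
    if (warning !== null) {
      console.warn(warning, iframe);
      findings.push({ iframe, warning });
    }
  }
  return findings;
}
```

Only the combination of both keywords and a same-origin embedder is flagged: allow-scripts alone gives the frame an opaque origin, and allow-same-origin alone gives it no script with which to reach its parent, so neither on its own lets the content remove the attribute.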