Bug 175300

Summary: [META] Implement missing iframe sandbox flags
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: DOMAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: aperez, bfulgham, cdumez, fred.wang, rbuis
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
URL: https://html.spec.whatwg.org/multipage/origin.html#sandboxing
See Also: https://bugs.webkit.org/show_bug.cgi?id=175281
Bug Depends on: 158875, 171321, 171327, 175281    
Bug Blocks:    

Description Brent Fulgham 2017-08-07 16:18:37 PDT 
The current HTML5 specification documents a set of sandbox flags that are not currently supported in WebKit:

1. Storage area URLs
2. document.domain browsing context (see Bug 175281)
3. Modals flag (relax via "allow-modals")
4. Orientation lock (relax via "allow-orientation-lock")
5. Presentation mode (relax via "allow-presentation")

We should implement these protections as well.
Comment 1 Brent Fulgham 2017-08-18 09:44:26 PDT 
Note that allow-modals is handled by Bug 171321.
Comment 2 Adrian Perez 2017-08-24 06:45:55 PDT 
The “allow-popups-to-escape-sandbox” flag is now implemented, see bug #158875
Comment 3 Frédéric Wang (:fredw) 2017-08-25 09:43:03 PDT 
allow-top-navigation-by-user-activation was handled in bug 171327