Summary: | Same domain sandboxed iframe events blocked from parent listener without allow-scripts | ||
---|---|---|---|
Product: | WebKit | Reporter: | Caleb Cordry <ccordry> |
Component: | Frames | Assignee: | Nobody <webkit-unassigned> |
Status: | NEW --- | ||
Severity: | Normal | CC: | bfulgham, opendarwin, phil, smoley, webkit-bug-importer, youennf |
Priority: | P2 | Keywords: | InRadar |
Version: | Safari 14 | ||
Hardware: | All | ||
OS: | macOS 10.15 |
Description
Caleb Cordry
2020-10-22 09:59:25 PDT
Thanks for filing, I can reproduce this on Safari 12.1.2 as well as Safari Beta version 14.0.1 using the linked test case. *** Bug 221283 has been marked as a duplicate of this bug. *** This bug also exists in Safari Version 15.5. This bug has a negative affect on web security because Safari's behavior means it's harder for developers to utilize sandboxed iframes to block scripts from within the iframe, if the external page still needs any scripting control. |