Bug 106787 (NEW)
Log to console when ineffectively sandboxing same-origin content.
https://bugs.webkit.org/show_bug.cgi?id=106787
Mike West
Reported 2013-01-14 05:55:47 PST
When loading same-origin content into a sandbox with both the 'allow-same-origin' and 'allow-scripts' flags, the sandboxed content can trivially remove sandboxing restrictions by reaching up into the parent, removing the 'sandbox' attribute, and reloading itself. The spec explicitly calls this out as Something Not To Do. We should do the same via the console. Mozilla's working on this as well, FWIW: https://bugzilla.mozilla.org/show_bug.cgi?id=752559
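The condition this report asks the console to flag can be expressed as a standalone audit check. The following is an added example, not code from WebKit or from the reporter; the function names, sample frames, example hostnames and warning wording are all assumptions made for illustration.

```javascript
// Added illustration, not WebKit code. Covers frames loaded via `src` only;
// srcdoc and about:blank frames are outside this URL-based comparison.
const ASCII_WHITESPACE = /[\t\n\f\r ]+/; // HTML token-list separators
function parseSandboxTokens(value) {
  // Sandbox keywords are matched ASCII case-insensitively.
  return new Set(
    value.split(ASCII_WHITESPACE).filter(Boolean).map((t) => t.toLowerCase())
  );
}

function isSameOrigin(frameSrc, parentUrl) {
  let frame;
  try {
    frame = new URL(frameSrc, parentUrl); // resolves relative src values
  } catch {
    return false; // unparseable src: nothing to compare
  }
  // Opaque origins (data:, etc.) serialize to "null" and never match.
  return frame.origin !== "null" && frame.origin === new URL(parentUrl).origin;
}

// sandboxAttr is the attribute string, or null when the attribute is absent.
function checkSandbox(sandboxAttr, frameSrc, parentUrl) {
  if (sandboxAttr === null) return null;
  const tokens = parseSandboxTokens(sandboxAttr);
  const both = tokens.has("allow-scripts") && tokens.has("allow-same-origin");
  if (!both || !isSameOrigin(frameSrc, parentUrl)) return null;
  // Constructed wording, not the message any browser prints.
  return `Ineffective sandbox on ${frameSrc}: same-origin content with ` +
    "'allow-scripts' and 'allow-same-origin' can remove its own sandboxing.";
}

// Constructed sample data: iframes found on a hypothetical page.
const PARENT = "https://app.example/dashboard";
const SAMPLE_FRAMES = [
  { sandbox: "allow-scripts allow-same-origin", src: "/widget.html" },
  { sandbox: "ALLOW-SCRIPTS\tallow-same-origin", src: "https://app.example/a" },
  { sandbox: "allow-scripts allow-same-origin", src: "https://cdn.example/w" },
  { sandbox: "allow-scripts", src: "/widget.html" },
  { sandbox: "", src: "/widget.html" },
  { sandbox: null, src: "/widget.html" },
];

function auditFrames(frames, parentUrl) {
  return frames
    .map((f) => checkSandbox(f.sandbox, f.src, parentUrl))
    .filter((msg) => msg !== null);
}
console.log(auditFrames(SAMPLE_FRAMES, PARENT).join("\n"));
```

Only the first two sample frames are flagged: both flags are present and the resolved `src` shares the parent's origin. Dropping either flag, or serving the framed content from a different origin, clears the warning.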