According to w3c specification Iframe.sandbox is readonly: http://www.w3.org/TR/2011/WD-html5-20110525/the-iframe-element.html But currently is changeable. Eg. var popr = document.getElementById("if2").sandbox; document.getElementById("if2").sandbox = "allow-scripts"; var newPopr = document.getElementById("if2").sandbox; assert_equals(newPopr, popr);
The problem is in ./Source/WebCore/html/HTMLIFrameElement.idl file. Readonly parameter for sandbox member is not provided.
Overview: Currently the sandbox implements the DOMString interface, it's invalid. According to the specification the sandbox attribute should implements DOMSettableTokenList interface: http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#the-iframe-element The allowed values for the Iframe.sandbox element are: allow-forms, allow-pointer-lock, allow-popups, allow-same-origin, allow-scripts, and allow-top-navigation. If not allowed value will be set then appropriate console error message should be displayed. Problem: Take a look at the following JavaScript example: 1: i = document.createElement('Iframe'); 2: i.sandbox = "Incorrect value"; // It's easy to check that value is allowed 3: i.sandbox.value = "Incorrect value" // I don't know how to perform value validation In the line 2: It's pretty easy to define (in HTMLIFrameElement.idl file) CustomSetter for the sandbox attribute and check that set value is allowed. However, in line 3: I don't know how to do perform the value validation. When we invoke i.sandbox, then DOMSettableTokenList will be returned and we cannot perform value validation directly for the Iframe.sandbox object. Resolution: I have in mind one resolution. I can override DOMSettableTokenList::setValue method (DOMSettableTokenList.h). However, this way has disadvantages: a) the method has OVERRIDE FINAL specifier, hence I have to delete the FINAL specifier, b) the DOMSettableTokenList behavior will be changed and depended on element What I suppose to do? I believe that the problem can be resolved in IDL files but I don't have information how to do that. Thank you for answer.