RESOLVED FIXED 171327
Add attribute allow-top-navigation-by-user-activation to iframe sandbox 
https://bugs.webkit.org/show_bug.cgi?id=171327
Summary Add attribute allow-top-navigation-by-user-activation to iframe sandbox
Bin Lu
Reported 2017-04-26 09:12:35 PDT
There is a new attribute proposed to iframe sandbox: https://html.spec.whatwg.org/multipage/browsers.html#attr-iframe-sandbox-allow-top-navigation-by-user-activation This is a follow-up work of: https://bugs.webkit.org/show_bug.cgi?id=158875 https://bugs.webkit.org/show_bug.cgi?id=171321 The new attribute requires a user activation (or gesture) being processed to trigger a top-level navigation. This change would enable more use cases of sandboxing untrusted third-party contents (eg., ads) by allowing top navigation while blocking malicious auto-redirecting, and thus help building a safer internet (eg., a safer ads ecosystem in which all ads could be sandboxed to prevent unexpected malicious behaviors like plugin exploits, auto-redirects, file downloading, modal dialogs, etc). Demo link (Available in Chrome 58+): http://w3c-test.org/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation-manual.html For more context: https://github.com/w3ctag/design-reviews/issues/154 https://github.com/WICG/interventions/issues/42
Attachments
Patch (19.34 KB, patch)
2017-07-11 02:53 PDT, Frédéric Wang (:fredw) 		buildbot: commit-queue-
DetailsFormatted DiffDiff
Archive of layout-test-results from ews126 for ios-simulator-wk2 (10.25 MB, application/zip)
2017-07-11 04:32 PDT, Build Bot 		no flags
Details
Patch (20.77 KB, patch)
2017-07-11 06:49 PDT, Frédéric Wang (:fredw) 		no flags
DetailsFormatted DiffDiff
Adjustment after bug 174351 (3.46 KB, patch)
2017-07-11 06:49 PDT, Frédéric Wang (:fredw) 		no flags
DetailsFormatted DiffDiff
Patch (21.20 KB, patch)
2017-07-12 08:50 PDT, Frédéric Wang (:fredw) 		cdumez: review+
cdumez: commit-queue-
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
Frédéric Wang (:fredw)
Comment 1 2017-06-21 09:53:41 PDT
There is also an automated test: http://w3c-test.org/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture.html I'm not sure, but maybe it is going to timeout for the same reason as tests mentioned in bug 173657.
Frédéric Wang (:fredw)
Comment 2 2017-07-11 02:53:48 PDT
Created attachment 315087 [details] Patch
Build Bot
Comment 3 2017-07-11 04:32:00 PDT
Comment on attachment 315087 [details] Patch Attachment 315087 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: http://webkit-queues.webkit.org/results/4099774 New failing tests: http/tests/security/frameNavigation/sandbox-ALLOWED-top-navigation-with-user-gesture-1.html http/tests/security/frameNavigation/sandbox-ALLOWED-top-navigation-with-user-gesture-2.html
Build Bot
Comment 4 2017-07-11 04:32:02 PDT
Created attachment 315090 [details] Archive of layout-test-results from ews126 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews126 Port: ios-simulator-wk2 Platform: Mac OS X 10.12.5
Frédéric Wang (:fredw)
Comment 5 2017-07-11 06:49:16 PDT
Created attachment 315103 [details] Patch New version using UIHelper.
Frédéric Wang (:fredw)
Comment 6 2017-07-11 06:49:45 PDT
Created attachment 315104 [details] Adjustment after bug 174351
Frédéric Wang (:fredw)
Comment 7 2017-07-12 08:50:58 PDT
Created attachment 315246 [details] Patch
Chris Dumez
Comment 8 2017-07-17 11:48:21 PDT
Comment on attachment 315246 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=315246&action=review r=me > Source/WebCore/dom/Document.cpp:3104 > + // i. A frame can navigate its top ancestor when its 'allow-top-navigation' flag is set (sometimes known as 'frame-busting') WebKit comments should end with a period. > LayoutTests/ChangeLog:19 > + * http/tests/security/frameNavigation/sandbox-ALLOWED-top-navigation-with-user-gesture-2.html: Added. Please add a test for when such navigation is NOT allowed.
Frédéric Wang (:fredw)
Comment 9 2017-07-21 01:45:19 PDT
Comment on attachment 315246 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=315246&action=review >> Source/WebCore/dom/Document.cpp:3104 >> + // i. A frame can navigate its top ancestor when its 'allow-top-navigation' flag is set (sometimes known as 'frame-busting') > > WebKit comments should end with a period. oops, this change is a mistake indeed. >> LayoutTests/ChangeLog:19 >> + * http/tests/security/frameNavigation/sandbox-ALLOWED-top-navigation-with-user-gesture-2.html: Added. > > Please add a test for when such navigation is NOT allowed. OK, I'll do that. Thanks!
Frédéric Wang (:fredw)
Comment 10 2017-07-24 01:33:21 PDT
Committed r219797: <http://trac.webkit.org/changeset/219797>
Bin Lu
Comment 11 2017-11-08 09:11:08 PST
Any idea on when this will be available on which version of Safari? I tested it on Safari on iOS 11/11.1, as well as Safari 11/11.01 on macOS, and it's not recognized (although 'allow-popups-to-escape-sandbox' is supported). But Safari technology preview version 40 does support it. So I'm wondering how Safari technology preview version would correspond to Safari version or iOS version. Thanks!
Frédéric Wang (:fredw)
Comment 12 2018-03-30 12:08:36 PDT
(In reply to Bin Lu from comment #11) > Any idea on when this will be available on which version of Safari? Hi Bin Lu. I just tested with the latest releases of iOS and macOS and the allow-top-navigation-by-user-activation works for me. Tests: http://w3c-test.org/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation-manual.html http://w3c-test.org/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture.html https://webkit.org/demos/frames/sandboxing/
Bin Lu
Comment 13 2018-04-02 12:11:57 PDT
Awesome. Thanks Frederic! I've just verified that "allow-top-navigation-by-user-activation" is now supported on iOS 11.3. For MacOS, I haven't been able to get the Safari update yet, and will test it once I get it.
Bin Lu
Comment 14 2018-04-19 16:33:30 PDT
My MacOS has been finally updated, and I've just verified that "allow-top-navigation-by-user-activation" is now supported on Safari 11.1 (13605.1.33.1.2) on MacOS High Sierra Version 10.13.4. Thanks Frederic again for the nice work!
Note You need to log in before you can comment on or make changes to this bug.