Bug 175300 - [META] Implement missing iframe sandbox flags
Summary: [META] Implement missing iframe sandbox flags
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: HTML DOM (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL: https://html.spec.whatwg.org/multipag...
Keywords:
Depends on: 158875 171321 171327 175281
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-07 16:18 PDT by Brent Fulgham
Modified: 2018-05-10 01:07 PDT (History)
5 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Brent Fulgham 2017-08-07 16:18:37 PDT
The current HTML5 specification documents a set of sandbox flags that are not currently supported in WebKit:

1. Storage area URLs
2. document.domain browsing context (see Bug 175281)
3. Modals flag (relax via "allow-modals")
4. Orientation lock (relax via "allow-orientation-lock")
5. Presentation mode (relax via "allow-presentation")

We should implement these protections as well.
Comment 1 Brent Fulgham 2017-08-18 09:44:26 PDT
Note that allow-modals is handled by Bug 171321.
Comment 2 Adrian Perez 2017-08-24 06:45:55 PDT
The “allow-popups-to-escape-sandbox” flag is now implemented, see bug #158875
Comment 3 Frédéric Wang (:fredw) 2017-08-25 09:43:03 PDT
allow-top-navigation-by-user-activation was handled in bug 171327