175300 – [META] Implement missing iframe sandbox flags

Bug 175300 - [META] Implement missing iframe sandbox flags

Summary: [META] Implement missing iframe sandbox flags

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	DOM (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:	https://html.spec.whatwg.org/multipag...
Keywords:

Depends on:	158875 171321 171327 175281
Blocks:
	Show dependency tree / graph

Reported:	2017-08-07 16:18 PDT by Brent Fulgham
Modified:	2018-05-10 01:07 PDT (History)
CC List:	5 users (show)

See Also:	175281

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Brent Fulgham 2017-08-07 16:18:37 PDT

The current HTML5 specification documents a set of sandbox flags that are not currently supported in WebKit:

1. Storage area URLs
2. document.domain browsing context (see Bug 175281)
3. Modals flag (relax via "allow-modals")
4. Orientation lock (relax via "allow-orientation-lock")
5. Presentation mode (relax via "allow-presentation")

We should implement these protections as well.

Comment 1 Brent Fulgham 2017-08-18 09:44:26 PDT

Note that allow-modals is handled by Bug 171321.

Comment 2 Adrian Perez 2017-08-24 06:45:55 PDT

The “allow-popups-to-escape-sandbox” flag is now implemented, see bug #158875

Comment 3 Frédéric Wang (:fredw) 2017-08-25 09:43:03 PDT

allow-top-navigation-by-user-activation was handled in bug 171327