Bug 39330 - For <iframe src="some.swf" sandbox="...">, we should bail out of actually loading the plug-in data as soon as possible.
Summary: For <iframe src="some.swf" sandbox="...">, we should bail out of actually loa...
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-05-18 16:28 PDT by Brady Eidson
Modified: 2010-05-18 16:28 PDT (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Brady Eidson 2010-05-18 16:28:00 PDT
For <iframe src="some.swf" sandbox="...">, we should bail out of actually loading the plug-in data as soon as possible.

Spun off from https://bugs.webkit.org/show_bug.cgi?id=39323.

To resolve 39323, I planned on just making sure the plugin code itself is never instantiated which both prevents the described crash and prevents the security/sandboxing exploits of having the plugin code executing.

But we should actually avoid actually loading anymore of the plugin data itself once we know it violates the sandboxing flags.