39330 – For <iframe src="some.swf" sandbox="...">, we should bail out of actually loading the plug-in data as soon as possible.

NEW 39330

For <iframe src="some.swf" sandbox="...">, we should bail out of actually loading the plug-in data as soon as possible.

https://bugs.webkit.org/show_bug.cgi?id=39330

Summary For <iframe src="some.swf" sandbox="...">, we should bail out of actually loa...

Brady Eidson

Reported 2010-05-18 16:28:00 PDT

For <iframe src="some.swf" sandbox="...">, we should bail out of actually loading the plug-in data as soon as possible. Spun off from https://bugs.webkit.org/show_bug.cgi?id=39323. To resolve 39323, I planned on just making sure the plugin code itself is never instantiated which both prevents the described crash and prevents the security/sandboxing exploits of having the plugin code executing. But we should actually avoid actually loading anymore of the plugin data itself once we know it violates the sandboxing flags.

Attachments
Add attachment proposed patch, testcase, etc.

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component Page Loading

Assignee

Nobody

Reported

2010-05-18 16:28 PDT

Modified

2010-05-18 16:28 PDT History

CC List

0 users

URL

Keywords

Depends on

Blocks