[tahoe-lafs-trac-stream] [tahoe-lafs] #1797: WUI: view content in an HTML5 sandboxed iframe
tahoe-lafs
trac at tahoe-lafs.org
Tue Aug 28 18:42:41 UTC 2012
#1797: WUI: view content in an HTML5 sandboxed iframe
--------------------------------+------------------------------------------
     Reporter:  davidsarah        |      Owner:
         Type:  defect            |     Status:  new
     Priority:  major             |  Milestone:  soon
    Component:  code-frontend-web |    Version:  1.9.2
   Resolution:                    |   Keywords:  wui security usability
                                  |              javascript sandbox same-origin
Launchpad Bug:                    |
--------------------------------+------------------------------------------
Comment (by davidsarah):
Replying to [comment:2 davidsarah]:
> {{{allow-top-navigation}}}:
> {{{allow-popups}}}:
> * No, the navigated frame or popup would be outside the sandbox. The
> sandbox mechanism does not prevent an attacker from navigating directly to
> the unsandboxed content from their own site, but we want to prevent this
> from happening accidentally.
Also, in the table
[http://www.whatwg.org/specs/web-apps/current-work/multipage/browsers.html#browsing-context-names here],
we want a column that does not contain "master" or "top" in any row, so the
iframe's "seamless" attribute also must not be set.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1797#comment:3>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
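
The constraints stated in the comment above (a sandboxed iframe without allow-top-navigation or allow-popups, and without seamless) can be checked mechanically. The following is an added example, not code from the ticket or from Tahoe-LAFS; the function name auditViewerFrame, the attribute-map input shape and the sample src values are assumptions made for illustration.

```javascript
// Added example: audit an <iframe>'s attributes against the constraints
// stated in this comment. All names here are hypothetical.

// Sandbox tokens the comment rules out: a frame or popup navigated through
// them would be outside the sandbox.
const FORBIDDEN_TOKENS = ["allow-top-navigation", "allow-popups"];

// The sandbox value is a set of tokens separated by ASCII whitespace and
// matched case-insensitively; tokens are lower-cased here for comparison.
function parseSandboxTokens(value) {
  return value
    .split(/[ \t\n\f\r]+/)
    .filter((t) => t.length > 0)
    .map((t) => t.toLowerCase());
}

// attrs: plain object mapping attribute name -> string value (assumed input
// shape). A boolean attribute such as seamless counts as set whenever its
// name is present, whatever its value.
function auditViewerFrame(attrs) {
  const findings = [];
  const lower = {};
  for (const [name, value] of Object.entries(attrs)) {
    lower[name.toLowerCase()] = String(value);
  }
  if (!("sandbox" in lower)) {
    findings.push("sandbox attribute missing: content is not sandboxed");
  } else {
    const tokens = parseSandboxTokens(lower.sandbox);
    for (const bad of FORBIDDEN_TOKENS) {
      if (tokens.includes(bad)) findings.push(`sandbox token not permitted: ${bad}`);
    }
  }
  if ("seamless" in lower) findings.push("seamless attribute must not be set");
  return findings;
}

// Constructed sample inputs; the src values are placeholders.
const samples = [
  { src: "https://gateway.example/PLACEHOLDER", sandbox: "" },
  { src: "https://gateway.example/PLACEHOLDER", sandbox: "Allow-Popups\tallow-top-navigation" },
  { src: "https://gateway.example/PLACEHOLDER", sandbox: "", seamless: "" },
  { src: "https://gateway.example/PLACEHOLDER" },
];
for (const s of samples) console.log(JSON.stringify(s), "->", auditViewerFrame(s));
```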