[tahoe-lafs-trac-stream] [tahoe-lafs] #1797: WUI: view content in an HTML5 sandboxed iframe
tahoe-lafs
trac at tahoe-lafs.org
Sat Sep 14 17:40:44 UTC 2013
#1797: WUI: view content in an HTML5 sandboxed iframe
-------------------------+-------------------------------------------------
Reporter: | Owner:
davidsarah | Status: new
Type: defect | Milestone: soon
Priority: major | Version: 1.9.2
Component: code- | Keywords: wui security usability javascript
frontend-web | sandbox same-origin websec
Resolution: |
Launchpad Bug: |
-------------------------+-------------------------------------------------
Changes (by zooko):
* keywords: wui security usability javascript sandbox same-origin => wui
security usability javascript sandbox same-origin websec
Old description:
> Sandboxed iframes support loading content in a separate unique origin
> (when the {{{allow-same-origin}}} is not set). This solves many (not all)
> of the problems described in #615, for browsers that support it: Chrome,
> IE10+, and soon Firefox 17+.
>
> Note that if we sandbox by default, that will affect the ability to save
> the raw version of files with in-browser-viewable MIME types served from
> Tahoe (because it will also save the framing page). To mitigate that we
> also need #827.
New description:
Sandboxed iframes support loading content in a separate unique origin
(when the {{{allow-same-origin}}} is not set). This solves many (not all)
of the problems described in #615, for browsers that support it: Chrome,
IE10+, and soon Firefox 17+.
Note that if we sandbox by default, that will affect the ability to save
the raw version of files with in-browser-viewable MIME types served from
Tahoe (because it will also save the framing page). To mitigate that we
also need #827.
--
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1797#comment:8>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list