Opened at 2012-08-27T18:27:07Z
Last modified at 2013-09-14T17:40:44Z
#1797 new defect
WUI: view content in an HTML5 sandboxed iframe — at Initial Version
| Reported by: | davidsarah | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | soon |
| Component: | code-frontend-web | Version: | 1.9.2 |
| Keywords: | wui security usability javascript sandbox same-origin websec | Cc: | freddyb |
| Launchpad Bug: |
Description
Sandboxed iframes support loading content in a separate unique origin (when the allow-same-origin is not set). This solves many (not all) of the problems described in #615, for browsers that support it: Chrome, IE10+, and soon Firefox 17+.
Note that if we sandbox by default, that will affect the ability to save the raw version of files with in-browser-viewable MIME types served from Tahoe (because it will also save the framing page). To mitigate that we also need #827.
Note: See
TracTickets for help on using
tickets.
