Confirmed users
197
edits
Features/Platform/Iframe Sandbox: Difference between revisions
Jump to navigation
Jump to search
Features/Platform/Iframe Sandbox (view source)
Revision as of 21:58, 3 November 2011
, 3 November 2011no edit summary
No edit summary |
No edit summary |
||
| Line 5: | Line 5: | ||
}} | }} | ||
{{FeatureTeam | {{FeatureTeam | ||
|Feature product manager=Lucas Adamski | |||
|Feature lead engineer=Ian Melven | |Feature lead engineer=Ian Melven | ||
|Feature security lead=Curtis Koenig | |Feature security lead=Curtis Koenig | ||
| Line 11: | Line 12: | ||
{{FeaturePageBody | {{FeaturePageBody | ||
|Feature overview=The HTML5 standard specifies a new attribute for the IFRAME element, "sandbox". See also [https://bugzilla.mozilla.org/show_bug.cgi?id=341604 bug 341604] "Implement HTML5 sandbox attribute for IFRAMEs" and [https://bugzilla.mozilla.org/show_bug.cgi?id=671389 bug 671389] "Implement CSP sandbox directive" | |Feature overview=The HTML5 standard specifies a new attribute for the IFRAME element, "sandbox". See also [https://bugzilla.mozilla.org/show_bug.cgi?id=341604 bug 341604] "Implement HTML5 sandbox attribute for IFRAMEs" and [https://bugzilla.mozilla.org/show_bug.cgi?id=671389 bug 671389] "Implement CSP sandbox directive" | ||
|Feature users and use cases=Users are web developers looking for a way to isolate content on | |Feature users and use cases=Users are web developers looking for a way to isolate content on their site and preventing it from having its default same origin privileges. The HTML5 spec specifies some modifying attributes that can re-grant permissions such as executing scripts and submitting forms, etc. | ||
|Feature requirements=If at all possible, this feature should be designed and implemented in a way that makes it usable for also implementing the sandboxing required to support the CSP (Content Security Policy) sandbox value also. | |Feature requirements=If at all possible, this feature should be designed and implemented in a way that makes it usable for also implementing the sandboxing required to support the CSP (Content Security Policy) sandbox value also. | ||
|Feature non-goals=Providing sandboxing above and beyond what's described in the HTML5 spec, implementing the IFRAME seamless attribute and interactions between it the sandbox attribute. | |Feature non-goals=Providing sandboxing above and beyond what's described in the HTML5 spec, implementing the IFRAME seamless attribute and interactions between it the sandbox attribute. | ||
|Feature functional spec=An IFRAME with the sandbox attribute (and its various modifying attributes) should behave as outlined in the HTML5 spec. See W3C Working Draft at http://www.w3.org/TR/html5/the-iframe-element.html#the-iframe-element and W3C Editor's Draft at http://dev.w3.org/html5/spec/Overview.html#the-iframe-element. This feature should also be compatibile with the CSP sandbox spec (need a link) | |Feature functional spec=An IFRAME with the sandbox attribute (and its various modifying attributes) should behave as outlined in the HTML5 spec. See W3C Working Draft at http://www.w3.org/TR/html5/the-iframe-element.html#the-iframe-element and W3C Editor's Draft at http://dev.w3.org/html5/spec/Overview.html#the-iframe-element. This feature should also be compatibile with the CSP sandbox spec (need a link) | ||
|Feature security review=This feature will likely need a full security review from the secteam. | |Feature security review=This feature will likely need a full security review from the secteam. | ||
|Feature qa review=We will need a test suite for this feature. Microsoft has released test cases for sandboxing, I'm not sure of their licensing status currently. We will want to compare our implementation to other browsers' implementation for consistency etc. | |Feature qa review=We will need a test suite for this feature. Microsoft has released test cases for sandboxing, I'm not sure of their licensing status currently. We will definitely want to compare our implementation to other browsers' implementation for consistency etc. and likely address inconsistencies via suggested modifications to the HTML5 spec. | ||
}} | }} | ||
{{FeatureInfo | {{FeatureInfo | ||