| Line 29: | Line 29: | ||
* We will create the flags as described in the HTML5 spec's description of the IFRAME sandbox attribute on both the docshell and the document when it is loaded | * We will create the flags as described in the HTML5 spec's description of the IFRAME sandbox attribute on both the docshell and the document when it is loaded | ||
(the flag constants will move to their own header and out of nsIDocShell in the near future) | |||
nsIDocShell.idl will contain : | nsIDocShell.idl will contain : | ||
<pre> | <pre> | ||
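Review bot: The line added in this hunk, "(the flag constants will move to their own header and out of nsIDocShell in the near future)", leaves the sentence that follows it, "nsIDocShell.idl will contain :", and the <pre> block after it describing a location the same hunk says is about to change. Name the header the constants are moving to, or mark the nsIDocShell.idl listing as the current (pre-move) location, so the security review does not audit flag definitions against a file that no longer holds them.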
| Line 86: | Line 87: | ||
* Disabling Javascript via mDocShell->SetAllowJavascript(false) causes some issues, for example, video controls and even the error for an unsupported codec don't work in this situation. I want to try an alternate implementation that uses the same script choke points as CSP to try to maximize the functionality available in a sandboxed document while still not allowing the document to load a remote script or execute inline script. | * Disabling Javascript via mDocShell->SetAllowJavascript(false) causes some issues, for example, video controls and even the error for an unsupported codec don't work in this situation. I want to try an alternate implementation that uses the same script choke points as CSP to try to maximize the functionality available in a sandboxed document while still not allowing the document to load a remote script or execute inline script. | ||
* After discussion, for workers, the plan is to allow workers to be loaded inside a sandboxed document with 'allow-scripts' (but not to require 'allow-same-origin') from a data: URL or a blob URL created by the same sandboxed document creating the worker. This requires modifying either worker code or CheckMayLoad() code most likely. | * After discussion, for workers, the plan is to allow workers to be loaded inside a sandboxed document with 'allow-scripts' (but not to require 'allow-same-origin') from a data: URL or a blob URL created by the same sandboxed document creating the worker. This requires modifying either worker code or CheckMayLoad() code most likely. | ||
* After discussion, although the sandbox attribute is specified as DOMSettableTokenList in the HTML5 spec, this implementation will implement it as a DOMString. | * After discussion, although the sandbox attribute is specified as DOMSettableTokenList in the HTML5 spec, this implementation will implement it as a DOMString. | ||
|Feature security review=This feature will definitely need a full security review from the Security Assurance team. I've posted this feature page on dev.security and updated the bug with decisions and implementation plans as implementation has proceeded. Before the security review I will post again to dev.security and encourage review of this feature page and the HTML5 iframe sandbox spec. | |Feature security review=This feature will definitely need a full security review from the Security Assurance team. I've posted this feature page on dev.security and updated the bug with decisions and implementation plans as implementation has proceeded. Before the security review I will post again to dev.security and encourage review of this feature page and the HTML5 iframe sandbox spec. | ||
|Feature qa review=We will need a test suite for this feature. Microsoft has released test cases for sandboxing publically that have been submitted to the W3C for inclusion in the HTML5 test suite. We will definitely want to compare our implementation to other browsers' implementation for consistency etc. and address inconsistencies via suggested modifications to the HTML5 spec and discussion on the whatwg list. Boris Zbarsky has suggested submitting our sandbox test suite to the W3C also. | |Feature qa review=We will need a test suite for this feature. Microsoft has released test cases for sandboxing publically that have been submitted to the W3C for inclusion in the HTML5 test suite. We will definitely want to compare our implementation to other browsers' implementation for consistency etc. and address inconsistencies via suggested modifications to the HTML5 spec and discussion on the whatwg list. Boris Zbarsky has suggested submitting our sandbox test suite to the W3C also. | ||
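Review bot: This region carries no text change (only the Line 86 to Line 87 shift from the added line above), but the second bullet still records an open design choice: workers in a sandboxed 'allow-scripts' document may load from data: or blob URLs, and "this requires modifying either worker code or CheckMayLoad() code most likely". Which of the two is chosen decides where the origin check for sandboxed workers lives, so the decision should be written into this page (and the bug, as the security review section promises) before the full security review rather than left as "most likely". The third bullet's deviation from the spec (DOMString instead of DOMSettableTokenList) is likewise worth listing in the QA section, since the planned cross-browser comparison will surface it as an inconsistency.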