Closed Bug 1137942 Opened 9 years ago Closed 8 years ago

Move player into a sandbox without DOM access

Categories

(Firefox Graveyard :: Shumway, defect)

Not set
normal

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: till, Assigned: yury)

Currently we create a nested iframe inside the GFX/general Shumway iframe for the Shumway player. That means that the player can still do network requests directly and do whatever the DOM allows it to do.

To make our sandboxing verifiable, we should instead create a completely isolated sandbox for the player and pass it in to the Shumway iframe. Then we can give it an interface in much the same way we currently give the Shumway iframe an interface to privileged script.

Yury, CCing you because it's related to stuff you frequently work on, but if you don't think "oh, this sounds interesting, I'd like to work on it", then this is just an FYI and I'll work on it.
Blocks: 1137950
Assignee: nobody → ydelendik
The player moved into an iframe with only script execution rights -- origin-related functions are disabled.

https://github.com/mozilla/shumway/pull/2098

DOM access is still needed for media stuff, e.g. sounds (Web Audio, <audio>) and video (<MediaSource>). See also bug 1047150.
Blocks: shumway-m4
No longer blocks: shumway-m3
Summary: Move player into a sandbox without IO capabilities or DOM access → Move player into a sandbox without DOM access
We still want this but it doesn't block shipping.
Blocks: shumway-later
No longer blocks: shumway-m4
Product: Firefox → Firefox Graveyard
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
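
The arrangement discussed in the comments above (a frame with only script execution rights, reached through a narrow interface) can be sketched as follows. This is an added illustration, not Shumway code and not taken from the linked pull request; `createPlayerFrame`, `createHostDispatcher`, the `ping` handler and `player.html` are hypothetical names.

```javascript
// Added example; all names here are hypothetical, not Shumway APIs.

// "allow-scripts" without "allow-same-origin": scripts run, but the document
// gets an opaque origin, so it cannot reach the embedder's DOM or storage.
function createPlayerFrame(doc, playerUrl) {
  const frame = doc.createElement('iframe');
  frame.setAttribute('sandbox', 'allow-scripts');
  frame.src = playerUrl;
  return frame;
}

// Host-side dispatcher: the only thing the framed player can request is a
// method on the allow-list, by name, with plain-data arguments.
function createHostDispatcher(frameWindow, handlers) {
  const allowed = new Map(Object.entries(handlers)); // own keys only
  return function onMessage(event) {
    // An opaque origin serializes as "null", which is not unique to this
    // frame, so the sender is identified by window identity.
    if (event.source !== frameWindow || event.origin !== 'null') {
      return 'rejected-sender';
    }
    const msg = event.data;
    if (!msg || typeof msg.method !== 'string' || !allowed.has(msg.method)) {
      return 'rejected-method';
    }
    const result = allowed.get(msg.method)(msg.args);
    // targetOrigin has to be "*": an opaque origin cannot be named.
    frameWindow.postMessage({ id: msg.id, result }, '*');
    return 'handled';
  };
}

// Browser wiring (hypothetical URL and handler):
//   const frame = createPlayerFrame(document, 'player.html');
//   document.body.appendChild(frame);
//   addEventListener('message',
//     createHostDispatcher(frame.contentWindow, { ping: () => 'pong' }));
```

The sandboxed document still has its own DOM, which matches the comment that media playback keeps needing DOM access inside the frame.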