Block external protocol handler with sandbox.
Categories
(Core :: DOM: Security, enhancement, P3)
Tracking
| | Tracking | Status |
|---|---|---|
| firefox101 | --- | fixed |
People
(Reporter: arthursonzogni, Assigned: pbz)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-backlog3])
Attachments
(4 files)
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36
Steps to reproduce:
Implementation bug about a new specification:
spec: https://github.com/whatwg/html/pull/7124#pullrequestreview-778826909
whatwg/html bug: https://github.com/whatwg/html/issues/2191
Developers are surprised that a sandboxed iframe can navigate and/or
redirect the user toward an external application.
General iframe navigations in the sandboxed iframe are not blocked
normally, because they stay within the iframe. However, they can be seen
as a popup or a top-level navigation when they open an external
application. In this case, it makes sense to extend the scope of sandbox
flags, and block malvertisers.
This feature gates access to external protocol from sandboxed iframe behind any of:
- allow-popup
- allow-top-level-navigation
- allow-top-level-navigation-by-user-activation + UserGesture.
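
The gating rule listed above, modelled as an added JavaScript example for auditing embeds; it is not part of the original report and not Firefox's implementation. It assumes the description's shortened names refer to the standard sandbox keywords `allow-popups`, `allow-top-navigation` and `allow-top-navigation-by-user-activation`; the function names, the internal-scheme list and the sample frames are constructed.

```javascript
// Added example: model of the gating rule in the description, not Firefox code.
// Standard HTML sandbox keywords; the description's shortened names are
// assumed to refer to these.
const ALWAYS_GRANT = ["allow-popups", "allow-top-navigation"];
const GESTURE_GRANT = "allow-top-navigation-by-user-activation";

// Simplification: schemes the browser loads itself. Anything else is treated
// as an external protocol that would be handed to another application.
const INTERNAL = new Set(["http:", "https:", "about:", "blob:", "data:", "javascript:"]);

// null/undefined means the iframe has no sandbox attribute at all.
// An empty string is the strictest sandbox: no allow-* tokens.
function sandboxTokens(attr) {
  if (attr === null || attr === undefined) return null;
  // Tokens are separated by ASCII whitespace and compared case-insensitively.
  return new Set(attr.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
}

function checkExternalNavigation(sandboxAttr, targetUrl, hasUserGesture) {
  // Hypothetical base URL so relative links resolve instead of throwing.
  const scheme = new URL(targetUrl, "https://embedder.example/").protocol;
  if (INTERNAL.has(scheme)) return { allowed: true, reason: "not an external protocol" };

  const tokens = sandboxTokens(sandboxAttr);
  if (tokens === null) return { allowed: true, reason: "frame is not sandboxed" };

  const grant = ALWAYS_GRANT.find((t) => tokens.has(t));
  if (grant) return { allowed: true, reason: grant };

  if (tokens.has(GESTURE_GRANT)) {
    return hasUserGesture
      ? { allowed: true, reason: GESTURE_GRANT + " with user gesture" }
      : { allowed: false, reason: GESTURE_GRANT + " without user gesture" };
  }
  return { allowed: false, reason: "no granting sandbox token" };
}

// Constructed embeds: which sandboxed frames could still open another app?
const frames = [
  { name: "ad-slot", sandbox: "allow-scripts allow-popups" },
  { name: "widget", sandbox: "allow-scripts ALLOW-TOP-NAVIGATION-BY-USER-ACTIVATION" },
  { name: "untrusted", sandbox: "allow-scripts allow-same-origin" },
];
function auditFrames(list, url) {
  return list.map((f) => ({
    name: f.name,
    noGesture: checkExternalNavigation(f.sandbox, url, false).allowed,
    withGesture: checkExternalNavigation(f.sandbox, url, true).allowed,
  }));
}
console.log(auditFrames(frames, "mailto:someone@example.com"));
```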
Comment 1•3 years ago
This is a real issue on mobile for app intents, too. If, as a site author, I sandbox untrusted content and don't give it permission to navigate me away, I also don't want it popping up some other app or the play store on top of me. Of course, advertising-supported sites will want to be able to grant that permission.
Comment 2•3 years ago (Assignee)
Comment 3•3 years ago (Assignee)
Depends on D141131
Comment 4•3 years ago (Assignee)
Depends on D141132
Comment 5•3 years ago (Assignee)
Depends on D141133
Comment 6•3 years ago (Assignee)
Intent to prototype / ship: https://groups.google.com/a/mozilla.org/g/dev-platform/c/41BviX-s6T4
Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/49f2e283115d
Block external protocol navigation from sandboxed contexts. r=nika,ckerschb,Gijs,smaug
https://hg.mozilla.org/integration/autoland/rev/9968278b9efe
Add a pref and limit external protocol sandbox blocking to Nightly. r=ckerschb,farre
https://hg.mozilla.org/integration/autoland/rev/3b06ed08d93b
Log an error message to the web console for blocked external protocol navigation from sandbox. r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/703dfd92c775
External protocol navigation sandbox tests. r=nika
Comment 8•3 years ago
Backed out for causing failures at browser_protocol_custom_sandbox.js.
Backout link: https://hg.mozilla.org/integration/autoland/rev/7bf170550c0c17a095ede586b52cb058ec657229
Failure log: https://treeherder.mozilla.org/logviewer?job_id=373456039&repo=autoland&lineNumber=10879
Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ce3b938dce61
Block external protocol navigation from sandboxed contexts. r=nika,ckerschb,Gijs,smaug
https://hg.mozilla.org/integration/autoland/rev/853b1951f8f8
Add a pref and limit external protocol sandbox blocking to Nightly. r=ckerschb,farre
https://hg.mozilla.org/integration/autoland/rev/2b26f37436f9
Log an error message to the web console for blocked external protocol navigation from sandbox. r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/88761b7441ee
External protocol navigation sandbox tests. r=nika
Comment 10•2 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/ce3b938dce61
https://hg.mozilla.org/mozilla-central/rev/853b1951f8f8
https://hg.mozilla.org/mozilla-central/rev/2b26f37436f9
https://hg.mozilla.org/mozilla-central/rev/88761b7441ee