Closed Bug 1735746 Opened 1 year ago Closed 5 months ago

Block external protocol handler with sandbox.

Categories

(Core :: DOM: Security, enhancement, P3)

Tracking

RESOLVED FIXED
101 Branch
Tracking Status
firefox101 --- fixed

People

(Reporter: arthursonzogni, Assigned: pbz)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog3])

Attachments

(4 files)

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36

Steps to reproduce:

Implementation bug about a new specification:
spec: https://github.com/whatwg/html/pull/7124#pullrequestreview-778826909
whatwg/html bug: https://github.com/whatwg/html/issues/2191

Developers are surprised that a sandboxed iframe can navigate and/or
redirect the user toward an external application.

General iframe navigations in a sandboxed iframe are not blocked
normally, because they stay within the iframe. However, they can be seen
as a popup or a top-level navigation when they open an external
application. In this case, it makes sense to extend the scope of sandbox
flags, and block malvertisers.

This feature gates access to external protocols from sandboxed iframes behind any of:

  • allow-popup
  • allow-top-level-navigation
  • allow-top-level-navigation-by-user-activation + UserGesture.

Status: UNCONFIRMED → NEW
Component: DOM: Navigation → DOM: Security
Ever confirmed: true
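
The gating rule from the report above, as an added JavaScript example that is not part of the bug or of Firefox's code. It uses the HTML-standard token spellings (`allow-popups`, `allow-top-navigation`, `allow-top-navigation-by-user-activation`) for the three flags the report lists and looks only at the iframe's own `sandbox` attribute; the function names and sample frames are constructed for illustration.

```javascript
// Added illustration, not Firefox source. Token names are the HTML-standard
// spellings of the three flags listed in the report (assumption of this example).
const UNCONDITIONAL = ["allow-popups", "allow-top-navigation"];
const NEEDS_GESTURE = "allow-top-navigation-by-user-activation";

// Split a sandbox attribute value into a set of lowercase tokens
// (tokens are whitespace-separated and ASCII case-insensitive).
// null/undefined means the iframe has no sandbox attribute at all.
function parseSandbox(value) {
  if (value === null || value === undefined) return null;
  return new Set(value.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
}

// Decide whether a navigation to an external protocol (e.g. mailto:) may proceed.
function externalProtocolDecision(sandboxValue, hasUserGesture) {
  const tokens = parseSandbox(sandboxValue);
  if (tokens === null) return { allowed: true, reason: "not sandboxed" };
  const flag = UNCONDITIONAL.find((t) => tokens.has(t));
  if (flag) return { allowed: true, reason: flag };
  if (tokens.has(NEEDS_GESTURE)) {
    return hasUserGesture
      ? { allowed: true, reason: NEEDS_GESTURE + " with user gesture" }
      : { allowed: false, reason: NEEDS_GESTURE + " without user gesture" };
  }
  return { allowed: false, reason: "no flag permits external protocols" };
}

// Constructed sample frames: which embeds could hand the user to another app?
const sampleFrames = [
  { src: "https://ads.example/slot", sandbox: "allow-scripts" },
  { src: "https://ads.example/rich", sandbox: "allow-scripts allow-popups" },
  { src: "https://widget.example/", sandbox: "Allow-Top-Navigation-By-User-Activation" },
  { src: "https://legacy.example/", sandbox: null }, // no sandbox attribute
  { src: "https://strict.example/", sandbox: "" },   // sandbox with no flags
];

// Apply the decision to every frame, keeping the src for the report.
function auditFrames(frames, hasUserGesture) {
  return frames.map((f) => ({
    src: f.src,
    ...externalProtocolDecision(f.sandbox, hasUserGesture),
  }));
}

console.table(auditFrames(sampleFrames, false));
```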

This is a real issue on mobile for app intents, too. If, as a site author, I sandbox untrusted content and don't give it permission to navigate me away, I also don't want it popping up some other app or the play store on top of me. Of course, advertising-supported sites will want to be able to grant that permission.

Severity: -- → N/A
Priority: -- → P3
Whiteboard: [domsecurity-backlog3]
Assignee: nobody → pbz
Status: NEW → ASSIGNED
Blocks: 1762420
Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/49f2e283115d
Block external protocol navigation from sandboxed contexts. r=nika,ckerschb,Gijs,smaug
https://hg.mozilla.org/integration/autoland/rev/9968278b9efe
Add a pref and limit external protocol sandbox blocking to Nightly. r=ckerschb,farre
https://hg.mozilla.org/integration/autoland/rev/3b06ed08d93b
Log an error message to the web console for blocked external protocol navigation from sandbox. r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/703dfd92c775
External protocol navigation sandbox tests. r=nika
Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ce3b938dce61
Block external protocol navigation from sandboxed contexts. r=nika,ckerschb,Gijs,smaug
https://hg.mozilla.org/integration/autoland/rev/853b1951f8f8
Add a pref and limit external protocol sandbox blocking to Nightly. r=ckerschb,farre
https://hg.mozilla.org/integration/autoland/rev/2b26f37436f9
Log an error message to the web console for blocked external protocol navigation from sandbox. r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/88761b7441ee
External protocol navigation sandbox tests. r=nika
Regressions: 1765548
Regressions: 1765650
Flags: needinfo?(pbz)
Blocks: 1766828
Regressions: 1767277
No longer regressions: 1767277