Closed Bug 951990 Opened 11 years ago Closed 11 years ago

Changing iframe sandbox by adding allow-same-origin has no effect

Categories: Core :: Security, defect
Platform: x86_64 Linux
Priority: Not set
Severity: normal
Status: RESOLVED INVALID
People: Reporter: deian, Unassigned
Attachments: 1 file, 1 obsolete file

Attached file: iframe_sandbox_same_origin.html (obsolete)
When adding the allow-same-origin keyword to a sandboxed iframe the iframe's contentDocument returns null, when in certain cases (about:srcdoc, about:blank, and same origin) it should return the actual document.
Attachment #8349872 - Attachment is obsolete: true
Changing the sandbox attribute will affect _future_ loads in the iframe, but does not change anything about the document already loaded in the iframe.  The sandboxing flags of a document are immutable.

So the right way to write this test is to change @sandbox, then load a new document in the iframe, then see if it picked the new sandboxing flags.  I suspect that that works just fine.
(In reply to Boris Zbarsky [:bz] (Vacation Dec 19 to Jan 1) from comment #2)
> Changing the sandbox attribute will affect _future_ loads in the iframe, but
> does not change anything about the document already loaded in the iframe. 
> The sandboxing flags of a document are immutable.

Okay. In my opinion this makes more sense than what Chrome is doing
and what I thought the spec meant.

> So the right way to write this test is to change @sandbox, then load a new
> document in the iframe, then see if it picked the new sandboxing flags.  I
> suspect that that works just fine.

Yes, you are right. That works just fine.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
Er... Chrome changes sandbox flags dynamically?  Can you file a bug on them, please?
(In reply to Boris Zbarsky [:bz] (Vacation Dec 19 to Jan 1) from comment #4)
> Er... Chrome changes sandbox flags dynamically?  Can you file a bug on them,
> please?

I am mistaken (sorry, staying away from keyboard for the rest of the night): for a fully loaded document, they do _not_. It's really a concurrency issue. It seemed like the flags were dynamically changing, but that's only because the flags on the docshell (or equivalent) were set before the document finished loading.
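The procedure bz describes in comment #2 (change @sandbox, then load a new document, then check the flags) and the timing pitfall from comment #5 (reading the frame before its load finished) can be demonstrated with a small test page. The following is an added example, not the attachment from this bug; it assumes the page is served from an http(s) origin so that about:srcdoc can inherit the parent's origin once allow-same-origin is present, and it uses the standard iframe.sandbox DOMTokenList and the frame's load event, nothing Gecko-specific.

```html
<!DOCTYPE html>
<meta charset="utf-8">
<title>Sandbox flags apply to the next load, not the current document</title>
<pre id="log"></pre>
<script>
// Added example (not the bug's attachment). Assumes an http(s) origin.
const log = (msg) => {
  document.getElementById('log').textContent += msg + '\n';
};

// contentDocument is null when the frame's document is cross-origin,
// which is the case for a sandboxed frame without allow-same-origin
// (its document has an opaque origin).
function describe(frame, label) {
  const doc = frame.contentDocument;
  log(label + ': contentDocument is ' +
      (doc === null ? 'null (opaque origin)' : 'a Document (same origin)'));
}

// Resolve only when the frame has finished loading, so we never read the
// docshell state before the new document is actually in place (comment #5).
function loaded(frame) {
  return new Promise((resolve) =>
    frame.addEventListener('load', resolve, { once: true }));
}

async function run() {
  const frame = document.createElement('iframe');
  frame.setAttribute('sandbox', '');   // empty token list: fully sandboxed
  frame.srcdoc = '<p>first document</p>';
  const firstLoad = loaded(frame);
  document.body.appendChild(frame);
  await firstLoad;
  describe(frame, '1. sandbox="" after load');            // null

  // Adding the token changes only the flags used by the NEXT navigation;
  // the already-loaded document keeps its immutable sandboxing flags.
  frame.sandbox.add('allow-same-origin');
  describe(frame, '2. allow-same-origin added, no reload'); // still null

  // Navigate the frame to a new document; this load picks up the new flags.
  const secondLoad = loaded(frame);
  frame.srcdoc = '<p>second document</p>';
  await secondLoad;
  describe(frame, '3. after a new load');                 // a Document
}
run();
</script>
```

Step 2 is the observation that triggered this bug: the attribute has changed, but the document in the frame has not, so contentDocument stays null. Step 3 is the test bz suggests, and waiting on the load event before reading the frame is what avoids the apparent "dynamic flag change" described in comment #5.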