LGTM1 to remove

On Mon, Jun 5, 2023 at 10:15 AM Arthur Sonzogni <arthursonzo...@chromium.org> wrote:
> Contact emails: arthursonzo...@chromium.org
>
> Explainer: https://docs.google.com/document/d/1_89X4cNUab-PZE0iBDTKIftaQZsFbk7SbFmHbqY54os/edit
>
> Specification: https://html.spec.whatwg.org/#document-open-steps
>
> Design docs: https://docs.google.com/document/d/1_89X4cNUab-PZE0iBDTKIftaQZsFbk7SbFmHbqY54os/edit
>
> Summary
>
> Sandbox flags of the caller are currently applied to the callee when document.open targets a different window. Stop doing it.
>
> Blink component: Blink>SecurityFeature>IFrameSandbox
> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3EIFrameSandbox>
>
> Motivation
>
> - It makes it difficult for Chrome's implementation to stay in a consistent state.
> - The removed behavior was not specified. Safari and Firefox do not implement it.
> - It had no security benefits.
>
> Initial public proposal: None
>
> Search tags: sandbox <https://chromestatus.com/features#tags:sandbox>, iframe <https://chromestatus.com/features#tags:iframe>, document.open <https://chromestatus.com/features#tags:document.open>
>
> TAG review: None
>
> TAG review status: Not applicable
>
> Risks
>
> Interoperability and Compatibility
>
> This should be a trivial removal. Currently, 0.000002% of pages are "potentially" affected: https://chromestatus.com/metrics/feature/timeline/popularity/4375 In most cases, a less restrictive sandbox flag is not going to negatively impact the affected pages. So 0.000002% should be seen as an upper bound. This brings Chrome's implementation closer to the specification, and closer to Firefox and Safari. This has a positive impact on interoperability.
>
> *Gecko*: N/A This aligns Chrome with Firefox, because Firefox never implemented this behavior.
>
> *WebKit*: N/A This aligns Chrome with Safari, because Safari never implemented this behavior.
>
> *Web developers*: No signals
>
> *Other signals*:
>
> Security
>
> The removed feature did not have any security benefits. A sandboxed iframe that can call document.open on its neighbors must have "allow-scripts" and "allow-same-origin" capabilities. This is already a known way to escape sandbox, independently of document.open. For instance, one can call `eval` on its parent to escape its sandbox. Chrome and Firefox display the message: "An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing." Security considerations: https://docs.google.com/document/d/1_89X4cNUab-PZE0iBDTKIftaQZsFbk7SbFmHbqY54os/edit#bookmark=id.7lqerksbaalj
>
> WebView application risks
>
> Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
>
> None
>
> Debuggability
>
> Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>? Yes
>
> Before the removal: Safari/Firefox PASS. Chrome/Edge FAIL:
> https://wpt.fyi/results/html/browsers/sandboxing/sandbox-document-open-mutation.window.html?label=master&label=stable&aligned
>
> After the removal: Safari/Firefox/Chrome/Edge PASS.
> https://wpt.fyi/results/html/browsers/sandboxing/sandbox-document-open-mutation.window.html
>
> Flag name: --enable-blink-features=DocumentOpenSandboxInheritanceRemoval
>
> Requires code in //chrome?: False
>
> Tracking bug: https://crbug.com/1186311
>
> Estimated milestones
> Shipping on desktop: 116
> Shipping on Android: 116
> Shipping on WebView: 116
>
> Link to entry on the Chrome Platform Status: https://chromestatus.com/feature/5171677800955904
>
> Links to previous Intent discussions
>
> This intent message was generated by Chrome Platform Status <https://chromestatus.com/>.
>
> --
> You received this message because you are subscribed to the Google Groups "blink-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org.
> To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAH7Q68Xb-GTak%3DVDx1cak-3%3D77e%2BudHkquttq8au_d3jt59KJw%40mail.gmail.com

--
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfUfH6yVMG-yEUZ6LitTY6M7VOQ0rURrWOf5G1rvrGFo3g%40mail.gmail.com.
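Added example, not part of the intent above and not Chromium's code, illustrating the security argument it makes: the combination the intent relies on, "allow-scripts" plus "allow-same-origin" on a frame whose document is actually same-origin with its embedder, is what already lets a sandboxed document script its embedder, so loosening sandbox-flag inheritance through document.open grants nothing such a frame did not already have. The audit helper finds such frames in a page and the last function is the browser-side counterpart of the `eval`-on-parent escape the intent mentions. Every name here (parseSandboxTokens, isSandboxEscapable, frameOriginFor, auditSandboxedFrames, escapeViaParentEval, runSample), the stand-in document object and the sample frame list with its example-domain URLs are constructed for this illustration.

```javascript
// Added example (not from the intent or from Chromium). Finds iframes whose
// sandbox is escapable because the framed document can script its embedder.

// Parse a sandbox attribute the way the HTML spec does: split on ASCII
// whitespace, compare tokens ASCII case-insensitively, ignore duplicates.
// Returns null when the element has no sandbox attribute at all.
function parseSandboxTokens(attrValue) {
  if (attrValue === null || attrValue === undefined) return null;
  const tokens = String(attrValue).split(/[\t\n\f\r ]+/).filter(Boolean);
  return new Set(tokens.map((t) => t.toLowerCase()));
}

// True when the sandbox grants both scripting and same-origin AND the frame's
// origin equals the embedder's: then the frame can reach parent.document,
// parent.eval, frameElement, etc., and run code outside its own sandbox.
// A frame with no sandbox attribute is not "escapable": there is no sandbox.
function isSandboxEscapable(attrValue, frameOrigin, embedderOrigin) {
  const tokens = parseSandboxTokens(attrValue);
  if (tokens === null) return false;
  return tokens.has('allow-scripts') && tokens.has('allow-same-origin') && frameOrigin === embedderOrigin;
}

// Origin the frame's document would have if allow-same-origin is granted.
// about:blank and srcdoc documents inherit the embedder's origin; data: URLs
// and unparseable values get an opaque origin (reported as "null"), which
// never matches the embedder.
function frameOriginFor(frameEl, embedderUrl) {
  const embedderOrigin = new URL(embedderUrl).origin;
  if (frameEl.hasAttribute('srcdoc')) return embedderOrigin;
  const src = (frameEl.getAttribute('src') || '').trim();
  if (src === '' || src.toLowerCase() === 'about:blank') return embedderOrigin;
  try {
    return new URL(src, embedderUrl).origin;
  } catch {
    return 'null';
  }
}

// Walk a document's sandboxed iframes and report which ones are escapable.
// `doc` is anything with querySelectorAll (a real Document, or the stand-in
// below); `embedderUrl` is the embedding page's URL (location.href).
function auditSandboxedFrames(doc, embedderUrl) {
  const embedderOrigin = new URL(embedderUrl).origin;
  const findings = [];
  for (const el of doc.querySelectorAll('iframe[sandbox]')) {
    const sandbox = el.getAttribute('sandbox');
    findings.push({
      src: el.getAttribute('src') || (el.hasAttribute('srcdoc') ? 'srcdoc' : 'about:blank'),
      sandbox,
      escapable: isSandboxEscapable(sandbox, frameOriginFor(el, embedderUrl), embedderOrigin),
    });
  }
  return findings;
}

// Browser-only demonstration, run from inside a frame flagged above.
// parent.eval is an indirect eval in the embedder's realm, so the window.open
// there is governed by the embedder's (empty) sandbox, whereas window.open in
// the frame itself is blocked without allow-popups. Still subject to the
// embedder's CSP. Returns false where there is no window (e.g. under Node).
function escapeViaParentEval() {
  if (typeof window === 'undefined' || window.parent === window) return false;
  return window.parent.eval("window.open('about:blank', '_blank') !== null");
}

// Constructed stand-in for a DOM, so the audit can run without a browser.
function makeFrame(attrs) {
  const has = (n) => Object.prototype.hasOwnProperty.call(attrs, n);
  return { hasAttribute: has, getAttribute: (n) => (has(n) ? attrs[n] : null) };
}
function sampleDocument() {
  const frames = [
    makeFrame({ sandbox: 'allow-scripts allow-same-origin', src: '/widget.html' }), // same-origin: escapable
    makeFrame({ sandbox: 'allow-scripts allow-same-origin', src: 'https://third.example/ad.html' }), // cross-origin
    makeFrame({ sandbox: 'allow-scripts', srcdoc: '<script>/* opaque origin */</script>' }), // no allow-same-origin
    makeFrame({ sandbox: 'ALLOW-SAME-ORIGIN\tallow-scripts', src: 'about:blank' }), // case/whitespace: escapable
    makeFrame({ sandbox: 'allow-scripts allow-same-origin', src: 'data:text/html,<p>x</p>' }), // opaque origin
    makeFrame({ sandbox: '', src: '/locked.html' }), // fully sandboxed
  ];
  return { querySelectorAll: (sel) => (sel === 'iframe[sandbox]' ? frames : []) };
}
function runSample() {
  return auditSandboxedFrames(sampleDocument(), 'https://app.example/page.html');
}
```

Under Node, runSample() audits the constructed stand-in; in a browser, call auditSandboxedFrames(document, location.href) from the embedding page. The audit is deliberately conservative: it reports the frame as escapable only when both tokens are present and the origins actually match, which is the same precondition the intent's security section gives for a frame being able to call document.open on a neighbor in the first place.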