Hi webkit-dev,

This is a request for WebKit's position on blocking navigation toward external protocols from sandboxed iframes.

*Summary:*
Gates sandboxed iframe navigation toward external protocols behind any of:
- allow-popups
- allow-top-navigation
- allow-top-navigation-with-user-gesture (+ user gesture)

*Motivation:*
Developers are surprised that a sandboxed iframe can navigate and/or redirect the user toward an external application. General iframe navigations in a sandboxed iframe are not normally blocked, because they stay within the iframe. However, they can be seen as a popup or a top-level navigation when they lead to opening an external application. In this case, it makes sense to extend the scope of sandbox flags, to block malvertising.

*Issue:* https://github.com/whatwg/html/issues/2191
*Specification:* https://github.com/whatwg/html/pull/7124
*Mozilla position:* https://github.com/mozilla/standards-positions/issues/581

I would love to hear your feedback.

Arthur
@arthursonzogni
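
The gate described in the summary above, modelled as an added example that is not part of the original message and is neither browser nor specification code. The function names and the sample frames are hypothetical and constructed; the model covers only the three flags the message lists and can be used to check which sandboxed embeds would still be able to open an external application.

```javascript
// Flags that, per the summary above, permit external-protocol navigation.
const GATING_FLAGS = ["allow-popups", "allow-top-navigation"];
const GESTURE_FLAG = "allow-top-navigation-with-user-gesture";

// Sandbox tokens are whitespace-separated and compared case-insensitively.
function parseSandbox(attr) {
  const tokens = attr.split(/[ \t\n\f\r]+/).filter(Boolean);
  return new Set(tokens.map((t) => t.toLowerCase()));
}

// sandboxAttr: value of the sandbox attribute, or null when the iframe
// carries no sandbox attribute (the proposed gate does not apply to it).
function externalProtocolNavigation(sandboxAttr, hasUserGesture) {
  if (sandboxAttr === null) return { allowed: true, reason: "not sandboxed" };
  const tokens = parseSandbox(sandboxAttr);
  const flag = GATING_FLAGS.find((f) => tokens.has(f));
  if (flag) return { allowed: true, reason: flag };
  if (tokens.has(GESTURE_FLAG)) {
    return hasUserGesture
      ? { allowed: true, reason: GESTURE_FLAG }
      : { allowed: false, reason: GESTURE_FLAG + " without a user gesture" };
  }
  return { allowed: false, reason: "no gating flag" };
}

// Constructed sample embeds for a review of a page's third-party frames.
const SAMPLE_FRAMES = [
  { name: "ad-slot", sandbox: "allow-scripts allow-same-origin" },
  { name: "widget", sandbox: "allow-scripts ALLOW-POPUPS" },
  { name: "checkout", sandbox: "allow-forms allow-top-navigation-with-user-gesture" },
  { name: "locked", sandbox: "" },
];

// Names of the frames that could still reach an external application,
// assuming the worst case that a user gesture is present.
function framesAbleToLaunchExternalApps(frames) {
  return frames
    .filter((f) => externalProtocolNavigation(f.sandbox, true).allowed)
    .map((f) => f.name);
}

console.log(framesAbleToLaunchExternalApps(SAMPLE_FRAMES));
```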