subject:"Re\: \[whatwg\] `iframe\[@sandbox\]`\: \"sandblaster\" JS library for analysis\/modification"

Re: [whatwg] `iframe[@sandbox]`: "sandblaster" JS library for analysis/modification

2015-09-30 Thread James M. Greene

On Wed, Sep 30, 2015 at 10:51 AM, Mike West  wrote:

> On Wed, Sep 30, 2015 at 4:56 PM, James M. Greene  > wrote:
>>
>> *and* potentially modifying/dismantling
>> iframe sandboxes.
>>
>
> Are you able to do this in any cases other than `allow-same-origin` and
> `allow-scripts`? If so, we should fix them. :)
>

I haven't spotted any such holes, though I also haven't tested it in all of
the various browser/OS configurations.  Again, you can see the live
analysis results for your browser at
http://jamesmgreene.github.io/sandblaster/test-iframes.html :)

> Thanks for putting this together!
>

Welcomed!  It was an interesting learning experience for me.

Sincerely,
   James Greene

Re: [whatwg] `iframe[@sandbox]`: "sandblaster" JS library for analysis/modification

2015-09-30 Thread Mike West

On Wed, Sep 30, 2015 at 4:56 PM, James M. Greene 
wrote:

> While investigating, I ended up creating a JS library called *sandblaster*
> [1] to assist me in analyzing

We should probably just provide a mechanism for reading the currently
active sandboxing flags. You shouldn't have to write pages of code to get
that data. Somewhat the inverse of
https://www.w3.org/Bugs/Public/show_bug.cgi?id=29061.

> *and* potentially modifying/dismantling
> iframe sandboxes.
>

Are you able to do this in any cases other than `allow-same-origin` and
`allow-scripts`? If so, we should fix them. :)

Thanks for putting this together!

-mike

Re: [whatwg] `iframe[@sandbox]`: "sandblaster" JS library for analysis/modification

Re: [whatwg] `iframe[@sandbox]`: "sandblaster" JS library for analysis/modification

2 matches

Site Navigation

Mail list logo

Footer information