Hello, Last month I uploaded a patch to support the allow-popups-to-escape-sandbox flag for iframe's sandbox attribute [1]. As suggested by its name, it allows popups to escape sandboxing. I tried to cc' people or find a reviewer on irc, but was not really successful so far :-( Can anyone please take a look?
It seems that a bug with security involvement was fixed last year: Basically popus were never sandboxed [2]. I see that the allow-popups-to-escape-sandbox flag changes that behavior when it is explicitly requested by the page's author, so I guess some careful review (from Apple?) might be required here. Thank you, Frédéric [1] https://bugs.webkit.org/show_bug.cgi?id=158875 [2] https://trac.webkit.org/changeset/204266 -- Frédéric Wang
signature.asc
Description: OpenPGP digital signature
_______________________________________________ webkit-dev mailing list [email protected] https://lists.webkit.org/mailman/listinfo/webkit-dev
