On Wed, Sep 30, 2015 at 4:56 PM, James M. Greene <james.m.gre...@gmail.com>

> While investigating, I ended up creating a JS library called *sandblaster*
> [1] to assist me in analyzing

We should probably just provide a mechanism for reading the currently
active sandboxing flags. You shouldn't have to write pages of code to get
that data. Somewhat the inverse of

> *aaaaand* potentially modifying/dismantling
> iframe sandboxes.

Are you able to do this in any cases other than `allow-same-origin` and
`allow-scripts`? If so, we should fix them. :)

Thanks for putting this together!


Reply via email to