On Wed, Sep 30, 2015 at 10:51 AM, Mike West <mk...@google.com> wrote:

> On Wed, Sep 30, 2015 at 4:56 PM, James M. Greene <james.m.gre...@gmail.com
> > wrote:
>> *aaaaand* potentially modifying/dismantling
>> iframe sandboxes.
> Are you able to do this in any cases other than `allow-same-origin` and
> `allow-scripts`? If so, we should fix them. :)

I haven't spotted any such holes, though I also haven't tested it in all of
the various browser/OS configurations.  Again, you can see the live
analysis results for your browser at
http://jamesmgreene.github.io/sandblaster/test-iframes.html :)

> Thanks for putting this together!

Welcomed!  It was an interesting learning experience for me.

   James Greene

Reply via email to