Gates sandboxed iframe navigation toward external protocol behind any of: - allow-popups - allow-top-navigation - allow-top-navigation-with-user-activation (+ user activation) Motivation: Sandboxed iframe navigation are allowed, because they stay within the iframe. However when they lead to opening an external application, this can be seen as a new popup or a new top-level navigation somehow. Extending sandbox scope here, resolves issues with malicious advertisers among others.

Documentation

Specification

Specification link


Proposal in a personal repository, no adoption from community

Status in Chromium

Blink>SecurityFeature>IFrameSandbox


In developer trial (Behind a flag) (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Owner

Last updated on 2021-11-29