Sandboxed iframe can initiate or instantiate downloads. Chrome is planning on removing this capability - i.e. Chrome is going to block all downloads initiated from or instantiated in a sandboxed iframe by default. The embedder may add "allow-downloads" to the sandbox attributes list to opt in. This allows content providers to restrict malicious or abusive downloads.

Motivation

This allows content providers to restrict malicious or abusive downloads.

Documentation

• Spec:
• https://github.com/whatwg/html/pull/4293
• Spec discussions:
• https://github.com/whatwg/html/issues/3236
• Design Doc:
• https://docs.google.com/document/d/1XfLQd9IbJBPAE4IAOvu4EubUaLuICJrDlrmz0Ya_mqQ

Specification

Established standard

Status in Chromium

Blink components: Blink

Removed (tracking bug) in:

• Chrome for desktop release 83
• Chrome for Android release 83

Consensus & Standardization

• Firefox: No signal
• Edge: No signal
• Safari: No signal
• Web Developers: No signals

Owner

• yaoxia@chromium.org

Comments

Downloads can bring security vulnerabilities to a system. Even though additional security checks are done in Chrome and the operating system, we feel blocking downloads in sandboxed iframes also fits the general thought behind the sandbox.

Search tags

Last updated on 2021-06-19