Restrict history navigations if navigation occurs from a sandboxed iframe

Requires top-level navigation permission for history navigations from sandboxed iframes to frames outside of itself.

Motivation

Sandboxing an iframe should prevent an iframe from having effects outside of itself. History APIs seem to bypass this restriction and it is agreed this is a hole in sandboxing.

Documentation

Specification

Editor's draft

Status in Chromium

Blink


Proposed (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Positive
  • No signal
  • No signal
  • No signals

Owner

Search tags

iframe, sandbox, history,

Last updated on 2020-10-25