Restrict history navigations if navigation occurs from a sandboxed iframe

Requires top-level navigation permission for history navigations from sandboxed iframes to frames outside of itself.

Sandboxing an iframe should prevent an iframe from having effects outside of itself. History APIs seem to bypass this restriction and it is agreed this is a hole in sandboxing.

Documentation

Specification

Editor's draft

Status in Chromium

Blink


Proposed (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Public support
  • No public signals
  • No public signals
  • No signals

Owner

Last updated on 2019-08-23