Restrict history navigations if navigation occurs from a sandboxed iframe

Prevents history navigations that originate from a sandboxed iframe without top level navigation permission and that navigates a frame outside of itself.

Sandboxing an iframe should prevent an iframe from having effects outside of itself. History APIs seem to bypass this restriction and it is agreed this is a hole in sandboxing.

Documentation

Specification

Editor's draft

Status in Chromium

Blink


Proposed (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Public support
  • No public signals
  • No public signals
  • No signals

Owner

Last updated on 2019-08-14