Description was changed from ========== Add an 'allow-top-navigation-with-user-interaction' sandbox flag. BUG=662506 ========== to ========== Add ...
3 years, 11 months ago
(2017-01-18 21:47:14 UTC)
#3
Description was changed from
==========
Add an 'allow-top-navigation-with-user-interaction' sandbox flag.
BUG=662506
==========
to
==========
Add an 'allow-top-navigation-with-user-interaction' sandbox flag.
This is a new flag for `<iframe sandbox="...">` which will allow a
sandboxed document to navigate top-level page only with a user activation (aka.
gesture). This will allow, for example, a third-party advertisement to be safely
sandboxed without breaking existing sandboxed contents.
Intent to Implement & Ship:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/Flt2IixYQK4/RKMfll65...
BUG=662506
==========
This seems reasonable to me, though I'm not an expert in the specific code here. ...
3 years, 11 months ago
(2017-01-18 22:24:47 UTC)
#7
This seems reasonable to me, though I'm not an expert in the specific code here.
+japhet@ who has been touching this code most recently and so is probably the
main person who should review the details (with mkwst and ojan as optional since
I know they're both pretty swamped).
Are you planning on submitting a HTML spec PR for this, or do you want to ask
domenic@ or mkwst@ to see if they're willing to do that?
Note that HTML spec changes now require web-platform-tests
(https://github.com/w3c/web-platform-tests) so you probably want to write your
test in web-platform-test style (like the other iframe sandbox tests there) and
land in LayoutTests for now. Then once there's agreement on the spec change,
you can move the test out of LayoutTests into web-platform-test (which can now
by done by committing directly to LayoutTests/imported/wpt/).
Bin Lu
Thanks Rick for the quick review. japhet@, could you take a look today or tomorrow? ...
3 years, 11 months ago
(2017-01-18 22:53:28 UTC)
#8
Thanks Rick for the quick review.
japhet@, could you take a look today or tomorrow? I'm hoping to land it in M57
(whose deadline is tomorrow).
It'll be great if domenic@ or mkwst@ is willing to do the spec part.
Just added some tests.
Will look at how web-platform-tests works since it's new to me.
And will convert them accordingly once we don't the spec change.
Thanks,
Bin
On 2017/01/18 22:24:47, Rick Byers wrote:
> This seems reasonable to me, though I'm not an expert in the specific code
here.
> +japhet@ who has been touching this code most recently and so is probably the
> main person who should review the details (with mkwst and ojan as optional
since
> I know they're both pretty swamped).
>
> Are you planning on submitting a HTML spec PR for this, or do you want to ask
> domenic@ or mkwst@ to see if they're willing to do that?
>
> Note that HTML spec changes now require web-platform-tests
> (https://github.com/w3c/web-platform-tests) so you probably want to write your
> test in web-platform-test style (like the other iframe sandbox tests there)
and
> land in LayoutTests for now. Then once there's agreement on the spec change,
> you can move the test out of LayoutTests into web-platform-test (which can now
> by done by committing directly to LayoutTests/imported/wpt/).
Nate Chapin
Code changes LGTM
3 years, 11 months ago
(2017-01-18 23:00:33 UTC)
#9
Code changes LGTM
Bin Lu
The CQ bit was checked by binlu@google.com to run a CQ dry run
3 years, 11 months ago
(2017-01-19 06:25:25 UTC)
#10
CQ is committing da patch. Bot data: {"patchset_id": 100001, "attempt_start_ts": 1484808936895810, "parent_rev": "b05d288f8a09314e59b4a9747a9775c4e5f5ba2f", "commit_rev": "7a2bf4d888a500a9db0772ce02a88adbb7be6aee"}
3 years, 11 months ago
(2017-01-19 09:20:46 UTC)
#15
CQ is committing da patch.
Bot data: {"patchset_id": 100001, "attempt_start_ts": 1484808936895810,
"parent_rev": "b05d288f8a09314e59b4a9747a9775c4e5f5ba2f", "commit_rev":
"7a2bf4d888a500a9db0772ce02a88adbb7be6aee"}
commit-bot: I haz the power
Description was changed from ========== Add an 'allow-top-navigation-with-user-interaction' sandbox flag. This is a new flag ...
3 years, 11 months ago
(2017-01-19 09:21:16 UTC)
#16
Message was sent while issue was closed.
Description was changed from
==========
Add an 'allow-top-navigation-with-user-interaction' sandbox flag.
This is a new flag for `<iframe sandbox="...">` which will allow a
sandboxed document to navigate top-level page only with a user activation (aka.
gesture). This will allow, for example, a third-party advertisement to be safely
sandboxed without breaking existing sandboxed contents.
Intent to Implement & Ship:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/Flt2IixYQK4/RKMfll65...
BUG=662506
==========
to
==========
Add an 'allow-top-navigation-with-user-interaction' sandbox flag.
This is a new flag for `<iframe sandbox="...">` which will allow a
sandboxed document to navigate top-level page only with a user activation (aka.
gesture). This will allow, for example, a third-party advertisement to be safely
sandboxed without breaking existing sandboxed contents.
Intent to Implement & Ship:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/Flt2IixYQK4/RKMfll65...
BUG=662506
Review-Url: https://codereview.chromium.org/2645733002
Cr-Commit-Position: refs/heads/master@{#444687}
Committed:
https://chromium.googlesource.com/chromium/src/+/7a2bf4d888a500a9db0772ce02a8...
==========
commit-bot: I haz the power
Committed patchset #6 (id:100001) as https://chromium.googlesource.com/chromium/src/+/7a2bf4d888a500a9db0772ce02a88adbb7be6aee
3 years, 11 months ago
(2017-01-19 09:21:18 UTC)
#17
Issue 2645733002: Add an 'allow-top-navigation-with-user-interaction' sandbox flag.
(Closed)
Created 3 years, 11 months ago by Bin Lu
Modified 3 years, 11 months ago
Reviewers: Rick Byers, Nate Chapin
Base URL:
Comments: 0
Chromium Code Reviews
Issue
2645733002:
Add an 'allow-top-navigation-with-user-interaction' sandbox flag. (Closed)
