ISSUE-166: text/html-sandboxed does not always fail closed

html-sandboxed

State: CLOSED
Product: HTML 5 spec
Raised by: Adrian Bateman
Opened on: 2011-06-23
Description:
This issue was raised on behalf of Jacob Rossi.

The current spec includes a text/html-sandboxed MIME type to mitigate a scenario where a sandboxed iframe can be escaped by top level navigation to the content (thereby escaping the origin protections). It's designed with the intention of failing closed in non-supporting UAs. However, there are cases where this design will not work (IE6 as an example). Because sandbox is a defense in-depth feature, we need a solution to this scenario which also appears as defense in-depth--this suggests failing open. Our suggestion was a MIME type attribute such as text/html;sandboxed. It would behave the same as text/html-sandboxed except that non-supporting UAs would render it without restrictions (exactly as the sandbox iframe attribute behaves). Additionally, this has the benefit of allowing content other than text/html to be sandboxed by the server (e.g., image/svg+xml;sandboxed).

See the associated bug for details:
http://www.w3.org/Bugs/Public/show_bug.cgi?id=12390
Related Action Items:
No related actions
Related emails:
  1. {minutes} HTML WG telecon 2010-10-20: issue updates (from eoconnor@apple.com on 2011-10-20)
  2. {agenda} HTML WG telecon 2010-10-20: issue updates (from rubys@intertwingly.net on 2011-10-19)
  3. RE: {minutes} HTML WG telecon 2011-09-29: Issue progress, Task Force reports (from adrianba@microsoft.com on 2011-09-29)
  4. RE: {minutes} HTML WG telecon 2011-09-29: Issue progress, Task Force reports (from adrianba@microsoft.com on 2011-09-29)
  5. {agenda} HTML WG telecon 2011-09-29: Issue progress, Task Force reports (from rubys@intertwingly.net on 2011-09-27)
  6. Re: CfC: Close ISSUE-166 html-sandboxed by Amicable Resolution (from rubys@intertwingly.net on 2011-09-25)
  7. {minutes} HTML WG telcon 2011-09-22 (from mike@w3.org on 2011-09-23)
  8. {agenda} HTML WG telcon 2011-09-22 - anyone willing to scribe ??? (from rubys@intertwingly.net on 2011-09-20)
  9. {minutes} HTML WG telcon 2011-09-15 (from eoconnor@apple.com on 2011-09-15)
  10. {agenda} HTML WG telcon 2011-09-15 (from mjs@apple.com on 2011-09-14)
  11. CfC: Close ISSUE-166 html-sandboxed by Amicable Resolution (from mjs@apple.com on 2011-09-14)
  12. Re: {agenda} HTML WG telecon 2010-09-08: New calls for proposals, task force reports (from eoconnor@apple.com on 2011-09-08)
  13. HTML WG telecon 2011-09-01: Issue progress, Task Force reports (from rubys@intertwingly.net on 2011-08-31)
  14. RE: {minutes} HTML WG telcon 2010-08-24: (from adrianba@microsoft.com on 2011-08-25)
  15. {agenda} HTML WG telcon 2010-08-24: (from mjs@apple.com on 2011-08-24)
  16. {agenda} HTML WG telecon 2011-08-04: Issues, Task Force Reports, Overdue P1, Last Call components (from rubys@intertwingly.net on 2011-08-03)
  17. ISSUE-166: html-sandboxed - Chairs Solicit Alternate Proposals or Counter-Proposals (from rubys@intertwingly.net on 2011-08-03)
  18. Re: ISSUE-166 html-sandboxed: Chairs Solicit Proposals (from annevk@opera.com on 2011-08-03)
  19. RE: ISSUE-166 html-sandboxed: Chairs Solicit Proposals (from Jacob.Rossi@microsoft.com on 2011-08-03)
  20. Re: ISSUE-166 html-sandboxed: Chairs Solicit Proposals (from mjs@apple.com on 2011-08-02)
  21. RE: ISSUE-166 html-sandboxed: Chairs Solicit Proposals (from Jacob.Rossi@microsoft.com on 2011-08-02)
  22. Re: ISSUE-166 html-sandboxed: Chairs Solicit Proposals (from mjs@apple.com on 2011-08-01)
  23. RE: {Minutes} HTML WG telecon 2011-07-28: Issues, Last Call period (from adrianba@microsoft.com on 2011-07-28)
  24. Re: {Agenda} HTML WG telecon 2011-07-28: Issues, Last Call period (from janina@rednote.net on 2011-07-27)
  25. RE: {Agenda} HTML WG telecon 2011-07-28: Issues, Last Call period (from Eliot.Graff@microsoft.com on 2011-07-27)
  26. {Agenda} HTML WG telecon 2011-07-28: Issues, Last Call period (from Paul.Cotton@microsoft.com on 2011-07-27)
  27. RE: ISSUE-166 html-sandboxed: Chairs Solicit Proposals (from Jacob.Rossi@microsoft.com on 2011-07-25)
  28. RE: ISSUE-166 html-sandboxed: Chairs Solicit Proposals (from Paul.Cotton@microsoft.com on 2011-07-24)
  29. {minutes} HTML WG telecon 2011-07-21: Task Force reports, Last Call change control, Decision Policy (from eoconnor@apple.com on 2011-07-21)
  30. {agenda} HTML WG telecon 2011-07-21: Task Force reports, Last Call change control, Decision Policy (from mjs@apple.com on 2011-07-20)
  31. RE: ISSUE-166 html-sandboxed: Chairs Solicit Proposals (from adrianba@microsoft.com on 2011-07-07)
  32. Re: {agenda} HTML WG telecon 2011-06-30 WG Issues, Calls, TAG Issue (RDFa/Microdata), author-view (from rubys@intertwingly.net on 2011-06-30)
  33. {agenda} HTML WG telecon 2011-06-30 WG Issues, Calls, TAG Issue (RDFa/Microdata), author-view (from rubys@intertwingly.net on 2011-06-28)
  34. ISSUE-166 html-sandboxed: Chairs Solicit Proposals (from rubys@intertwingly.net on 2011-06-28)
  35. HTML-ISSUE-166 (html-sandboxed): text/html-sandboxed does not always fail closed [HTML 5 spec] (from sysbot+tracker@w3.org on 2011-06-23)

Related notes:

Working Group decision:

http://lists.w3.org/Archives/Public/public-html/2010Sep/0178.html

Decision applied:

http://html5.org/tools/web-apps-tracker?from=6656&to=6657

Sam Ruby, 17 Oct 2011, 18:41:15

Changelog:

Created issue 'text/html-sandboxed does not always fail closed' nickname html-sandboxed owned by Adrian Bateman on product HTML 5 spec, description 'This issue was raised on behalf of Jacob Rossi.

The current spec includes a text/html-sandboxed MIME type to mitigate a scenario where a sandboxed iframe can be escaped by top level navigation to the content (thereby escaping the origin protections). It's designed with the intention of failing closed in non-supporting UAs. However, there are cases where this design will not work (IE6 as an example). Because sandbox is a defense in-depth feature, we need a solution to this scenario which also appears as defense in-depth--this suggests failing open. Our suggestion was a MIME type attribute such as text/html;sandboxed. It would behave the same as text/html-sandboxed except that non-supporting UAs would render it without restrictions (exactly as the sandbox iframe attribute behaves). Additionally, this has the benefit of allowing content other than text/html to be sandboxed by the server (e.g., image/svg+xml;sandboxed).

See the associated bug for details:
http://www.w3.org/Bugs/Public/show_bug.cgi?id=12390' non-public

Adrian Bateman, 23 Jun 2011, 16:23:01

Status changed to 'open'

Sam Ruby, 26 Jul 2011, 20:13:48

Status changed to 'closed'

Sam Ruby, 17 Oct 2011, 18:41:15


Paul Cotton <Paul.Cotton@microsoft.com>, Maciej Stachowiak <mjs@apple.com>, Sam Ruby <rubys@intertwingly.net>, Chairs, Michael[tm] Smith <mike@w3.org>, Staff Contact