A pseudosafe iframe #906

Merged
merged 1 commit into from
Mar 7, 2023

veloman-yunkan
Collaborator

"Fixes" kiwix/kiwix-tools#604.

This prevents scripts running inside an iframe from inadvertently manipulating the top browsing context. However, a malicious script could still remove the sandboxing imposed on it (because the combination of "allow-same-origin" and "allow-scripts" is vulnerable).
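
The caveat in the description above, as an added example that is not part of this PR or the project's code: a small auditor that flags iframes whose sandbox keeps both `allow-scripts` and `allow-same-origin` for content served from the embedding page's origin. The function names, the `sameOrigin` flag and the sample markup are assumptions made for illustration.

```javascript
// Added example, not code from the PR. Pure string logic, runs under Node.

// Sandbox tokens are ASCII-whitespace separated and case-insensitive.
function sandboxTokens(value) {
  return new Set(value.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
}

// sandbox: attribute value, or null if the attribute is absent.
// sameOrigin: assumption supplied by the caller, true when the framed
// document is served from the same origin as the embedding page.
function auditSandbox(sandbox, sameOrigin) {
  if (sandbox === null) {
    return { level: "unsandboxed", topNavigation: true };
  }
  const t = sandboxTokens(sandbox);
  const topNavigation = t.has("allow-top-navigation") ||
    t.has("allow-top-navigation-by-user-activation");
  // With both tokens, a same-origin framed script keeps DOM access to the
  // embedder, so the sandbox only stops accidents, not hostile content.
  const escapable = sameOrigin && t.has("allow-scripts") && t.has("allow-same-origin");
  return { level: escapable ? "escapable" : "enforced", topNavigation };
}

// Audit every <iframe> start tag in an HTML string (regex scan, adequate
// for reviewing templates; not a full HTML parser).
function auditHtml(html, sameOrigin) {
  const attr = /(?:^|\s)sandbox(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?(?=[\s/]|$)/i;
  const results = [];
  for (const m of html.matchAll(/<iframe\b([^>]*)>/gi)) {
    const a = attr.exec(m[1]);
    // A bare `sandbox` attribute (no value) means every restriction applies.
    const value = a ? (a[1] ?? a[2] ?? a[3] ?? "") : null;
    results.push({ sandbox: value, ...auditSandbox(value, sameOrigin) });
  }
  return results;
}

// Constructed sample markup (not taken from the project).
const SAMPLE = `
<iframe src="/viewer/a"></iframe>
<iframe src="/viewer/b" sandbox="allow-scripts allow-same-origin allow-forms"></iframe>
<iframe src="/viewer/c" sandbox="allow-scripts"></iframe>
<iframe src="/viewer/d" sandbox></iframe>`;

for (const r of auditHtml(SAMPLE, true)) {
  console.log(JSON.stringify(r));
}
```

An "escapable" result with `topNavigation: false` is the situation the description calls out: accidental changes to the top browsing context are blocked, but the sandbox is not a boundary against hostile same-origin content.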


codecov bot commented Mar 6, 2023

Codecov Report

Patch and project coverage have no change.

Comparison is base (32b4bca) 72.00% compared to head (571b608) 72.00%.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #906   +/-   ##
=======================================
  Coverage   72.00%   72.00%           
=======================================
  Files          54       54           
  Lines        3751     3751           
  Branches     2096     2096           
=======================================
  Hits         2701     2701           
  Misses       1048     1048           
  Partials        2        2           
