Block modal dialogs by default in sandboxed documents

This patch alters 'window.alert()', 'window.confirm()', 'window.print()',
'window.prompt()', and the 'beforeunload' event to suppress the modal
dialogs they would otherwise generate when called or fired from within a
sandboxed document. A new 'allow-modals' sandboxing token is added in
order to re-enable this functionality if desired.

Discussed at [1] and [2].

[1]: https://groups.google.com/a/chromium.org/d/msg/blink-dev/wXbgxLu63Fo/YtsqkySmTWcJ
[2]: https://lists.w3.org/Archives/Public/public-whatwg-archive/2015May/0035.html

Closes [3].

[3]: https://www.w3.org/Bugs/Public/show_bug.cgi?id=28818
mikewest authored and annevk committed Aug 29, 2015
1 parent 882803c commit bbccfc976754def0c187ac8ce5891d2fb20dfc15
Showing with 62 additions and 7 deletions.
  1. +62 −7 source
69 source
must be an <span>unordered set of unique space-separated tokens</span> that are <span>ASCII
case-insensitive</span>. The allowed values are <code
data-x="attr-iframe-sandbox-allow-forms">allow-forms</code>, <code
data-x="attr-iframe-sandbox-allow-modals">allow-modals</code>, <code
data-x="attr-iframe-sandbox-allow-pointer-lock">allow-pointer-lock</code>, <code
data-x="attr-iframe-sandbox-allow-popups">allow-popups</code>, <code
data-x="attr-iframe-sandbox-allow-popups-to-escape-sandbox">allow-popups-to-escape-sandbox</code>,
origin; the <code data-x="attr-iframe-sandbox-allow-top-navigation">allow-top-navigation</code>
keyword allows the content to <span>navigate</span> its <span>top-level browsing context</span>;
and the <code data-x="attr-iframe-sandbox-allow-forms">allow-forms</code>, <code
data-x="attr-iframe-sandbox-allow-modals">allow-modals</code>, <code
data-x="attr-iframe-sandbox-allow-pointer-lock">allow-pointer-lock</code>, <code
data-x="attr-iframe-sandbox-allow-popups">allow-popups</code>, <code
data-x="attr-iframe-sandbox-allow-scripts">allow-scripts</code>, and <code
data-x="attr-iframe-sandbox-allow-popups-to-escape-sandbox">allow-popups-to-escape-sandbox</code>
keywords re-enable forms, the pointer lock API, popups, scripts, and the creation of unsandboxed
<span>auxiliary browsing contexts</span> respectively. <ref spec=POINTERLOCK></p>
keywords re-enable forms, modal dialogs, the pointer lock API, popups, scripts, and the creation
of unsandboxed <span>auxiliary browsing contexts</span> respectively. <ref spec=POINTERLOCK></p>

<p class="warning">Setting both the <code
data-x="attr-iframe-sandbox-allow-scripts">allow-scripts</code> and <code

</dd>

<dt>The <dfn>sandboxed modals flag</dfn></dt>

<dd>

<p>This flag prevents content from using any of the following features to produce modal
dialogs:</p>

<ul>
<li><code data-x="dom-alert">window.alert()</code></li>
<li><code data-x="dom-confirm">window.confirm()</code></li>
<li><code data-x="dom-print">window.print()</code></li>
<li><code data-x="dom-prompt">window.prompt()</code></li>
<li><code data-x="dom-showmodaldialog">window.showModalDialog()</code></li>
<li>the <code data-x="event-beforeunload">beforeunload</code> event</li>
</ul>

</dd>


</dl>

<var>tokens</var> contains the <dfn><code data-x="attr-iframe-sandbox-allow-popups-to-escape-sandbox">allow-popups-to-escape-sandbox</code></dfn>
keyword.</p></li>

<li><p>The <span>sandboxed modals flag</span>, unless <var>tokens</var> contains the <dfn><code
data-x="attr-iframe-sandbox-allow-modals">allow-modals</code></dfn> keyword.</p></li>

</ul>

</li>

<li>

<p>If the <code data-x="dom-BeforeUnloadEvent-returnValue">returnValue</code> attribute of the
<var>event</var> object is not the empty string, or if the event was canceled, then the
user agent should ask the user to confirm that they wish to unload the document.</p>
<p>If the <code>Document</code>'s <span>active sandboxing flag set</span> does not have its
<span>sandboxed modals flag</span> set, and the <code
data-x="dom-BeforeUnloadEvent-returnValue">returnValue</code> attribute of the <var>event</var>
object is not the empty string, or if the event was canceled, then the user agent should ask the
user to confirm that they wish to unload the document.</p>

<p>The prompt shown by the user agent may include the string of the <code
data-x="dom-BeforeUnloadEvent-returnValue">returnValue</code> attribute, or some leading subset
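
Review bot: The rewritten beforeunload condition is ambiguous about grouping: "does not have its sandboxed modals flag set, and the returnValue attribute of the event object is not the empty string, or if the event was canceled" can be read as (flag not set and returnValue non-empty) or (event canceled), under which a canceled event in a sandboxed document would still produce the prompt. Suggest making the grouping explicit, for example "does not have its sandboxed modals flag set, and either the returnValue attribute of the event object is not the empty string or the event was canceled, then the user agent should ask the user to confirm".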

<li><p>Release the <span>storage mutex</span>.</p></li>

<li><p>If the <span>active sandboxing flag set</span> of the <span>active document</span> of
the <span>responsible browsing context</span> specified by the <span>incumbent settings
object</span> has the <span>sandboxed modals flag</span> set, then abort these
steps.</p></li>

<li><p>Optionally, abort these steps. (For example, the user agent might give the user the option
to ignore all alerts, and would thus abort at this step whenever the method was
invoked.)</p></li>

<li><p>Release the <span>storage mutex</span>.</p></li>

<li><p>If the <span>active sandboxing flag set</span> of the <span>active document</span> of
the <span>responsible browsing context</span> specified by the <span>incumbent settings
object</span> has the <span>sandboxed modals flag</span> set, then return false and abort these
steps.</p></li>

<li><p>Optionally, return false and abort these steps. (For example, the user agent might give
the user the option to ignore all prompts, and would thus abort at this step whenever the method
was invoked.)</p></li>
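
Review bot: Missing documentation on the new confirm() step: the false returned when the sandboxed modals flag is set is the same value a script gets when the user cancels the dialog, and the null returned by the matching prompt() step has the same property, yet only the print() change carries a note about the blocked case. Suggest a short note next to these steps saying that a sandboxed document without allow-modals receives the cancel result without any dialog being shown, so authors do not treat it as a user decision.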

<li><p>Release the <span>storage mutex</span>.</p></li>

<li><p>If the <span>active sandboxing flag set</span> of the <span>active document</span> of
the <span>responsible browsing context</span> specified by the <span>incumbent settings
object</span> has the <span>sandboxed modals flag</span> set, then return null and abort these
steps.</p></li>

<li><p>Optionally, return null and abort these steps. (For example, the user agent might give the
user the option to ignore all prompts, and would thus abort at this step whenever the method was
invoked.)</p></li>

</li>

<li>

<p>If the <span>active sandboxing flag set</span> of the <span>active document</span> of
the <span>responsible browsing context</span> specified by the <span>incumbent settings
object</span> has the <span>sandboxed modals flag</span> set, then abort these
steps.</p></li>

<p class="note">If the printing dialog is blocked by a <code>Document</code>'s sandbox,
then neither the <code data-x="event-beforeprint">beforeprint</code> nor <code
data-x="event-afterprint">afterprint</code> events will be fired.</p>

</li>

<li>

<p>The user agent must <span>fire a simple event</span> named <code
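
Review bot: The new sandbox check in the print() steps ends with "steps.</p></li>", which closes the list item before the note paragraph that follows, and a second "</li>" still appears after the note, so as rendered here the item is closed twice and the note about beforeprint and afterprint sits outside the step it explains. Drop the "</li>" after "then abort these steps.</p>" so the check and its note stay inside the same list item.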

<p>If the <span>active sandboxing flag set</span> of the <span>active document</span> of the
<span>responsible browsing context</span> specified by the <span>incumbent settings
object</span> has its <span>sandboxed auxiliary navigation browsing context flag</span> set,
then return the empty string and abort these steps.</p>
object</span> has either the <span>sandboxed auxiliary navigation browsing context flag</span>
or <span>sandboxed modals flag</span> set, then return the empty string and abort these
steps.</p>

</li>
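
Review bot: The commit message omits showModalDialog(): it lists window.alert(), window.confirm(), window.print(), window.prompt() and beforeunload, but this step also makes the method return the empty string when the sandboxed modals flag is set, and the flag's definition lists window.showModalDialog() as well. Add it to the commit message so the change is discoverable from the log. The new sentence would also read more cleanly as "has either the sandboxed auxiliary navigation browsing context flag or the sandboxed modals flag set".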

<td> Security rules for nested content
<td> <span>Unordered set of unique space-separated tokens</span>, <span>ASCII case-insensitive</span>, consisting of
"<code data-x="attr-iframe-sandbox-allow-forms">allow-forms</code>",
"<code data-x="attr-iframe-sandbox-allow-modals">allow-modals</code>",
"<code data-x="attr-iframe-sandbox-allow-pointer-lock">allow-pointer-lock</code>",
"<code data-x="attr-iframe-sandbox-allow-popups">allow-popups</code>",
"<code data-x="attr-iframe-sandbox-allow-popups-to-escape-sandbox">allow-popups-to-escape-sandbox</code>",
