File: sandbox_flags.md

The sandbox policy
------------------

The sandbox policy determines a set of capabilities a document will have.
It is defined in two types of objects:
- The frame.
- The document.

The frame policy is parsed from the <iframe>’s sandbox attribute.
Example: <iframe sandbox="allow-scripts allow-same-origin">

The document policy is parsed from the HTTP Content-Security-Policy header.
Example: Content-Security-Policy: sandbox allow-scripts allow-same-origin

On top of that, the sandbox policy is inherited from:
- The frame to its document.
- The document to its child frames.
- The document to the main frame of each window it opens.

The distinction between a frame and a document is important. The document is
replaced after navigations, but the frame stays.

The sandbox policy is a bit field. The sandbox flags are defined by:
/services/network/public/mojom/web_sandbox_flags.mojom
Multiple sandbox policies are combined using a bitwise AND on the bit field.
This way, the policy can only be further restricted.
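
A small model of the combination and inheritance rules above, added here as an illustration and not taken from Chromium's code. The bit values and the names `ParsePolicy`, `Combine`, `Navigate`, `CreateChildFrame` and `OpenWindow` are assumptions; a set bit means the capability is allowed, which matches the AND rule as stated here, and the real flags are the ones in web_sandbox_flags.mojom.

```cpp
#include <cstdint>
#include <sstream>
#include <string>

// Assumed bit layout: a set bit means the capability is allowed.
// These are not the values from web_sandbox_flags.mojom.
enum Capability : uint32_t {
  kNone = 0,              // sandbox with no allow-* token
  kScripts = 1u << 0,     // allow-scripts
  kSameOrigin = 1u << 1,  // allow-same-origin
  kForms = 1u << 2,       // allow-forms
  kAll = 0xFFFFFFFFu,     // no sandbox declared
};

// Parses the token list of a sandbox attribute or CSP sandbox directive.
// Unknown or misspelled tokens grant nothing.
uint32_t ParsePolicy(const std::string& tokens) {
  uint32_t allowed = kNone;
  std::istringstream in(tokens);
  for (std::string t; in >> t;) {
    if (t == "allow-scripts") allowed |= kScripts;
    else if (t == "allow-same-origin") allowed |= kSameOrigin;
    else if (t == "allow-forms") allowed |= kForms;
  }
  return allowed;
}

// Bitwise AND: the result never has a capability that either input lacks.
uint32_t Combine(uint32_t a, uint32_t b) { return a & b; }

struct Frame { uint32_t policy; };     // stays across navigations
struct Document { uint32_t policy; };  // replaced by each navigation

// Frame -> document: the frame policy combined with the response's CSP policy.
Document Navigate(const Frame& frame, uint32_t csp_policy) {
  return Document{Combine(frame.policy, csp_policy)};
}

// Document -> child frame: parent policy combined with the sandbox attribute.
Frame CreateChildFrame(const Document& parent, uint32_t attribute_policy) {
  return Frame{Combine(parent.policy, attribute_policy)};
}

// Document -> main frame of a window it opens.
Frame OpenWindow(const Document& opener) { return Frame{opener.policy}; }
```

Passing `kAll` models a frame without a sandbox attribute or a response without a CSP sandbox directive: it leaves the other operand unchanged, so an unsandboxed child of a sandboxed document stays sandboxed.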

Specification:
- http://www.whatwg.org/specs/web-apps/current-work/#attr-iframe-sandbox