The sandbox policy
------------------
The sandbox policy determines a set of capabilities a document will have.
It is defined in two types of objects:
- The frame.
- The document.
The frame policy is parsed from the <iframe>’s sandbox attribute.
Example: <iframe sandbox="allow-script allow-origin">
The document policy is parsed from the HTTP Content-Security-Policy header.
Example: Content-Security-Policy: sandbox allow-script allow-origin
On top of that, the sandbox policy is inherited from:
- The frame to its document.
- The document to its children frames.
- The document to its opened windows’s main frame.
The distinction between a frame and a document is important. The document is
replaced after navigations, but the frame stays.
The sandbox policy is bit field. The sandbox flags are defined by:
/services/network/public/mojom/web_sandbox_flags.mojom
Multiple sandbox policy are combined using a bitwise AND in the bitfield. This
way, the policy can only be further restricted.
Specification:
- http://www.whatwg.org/specs/web-apps/current-work/#attr-iframe-sandbox
Codebase Browser
chromium