Chrome 115 added HTMLFencedFrameElement.sandbox #25227
Conversation
github-actions
bot
added
data:api
api/HTMLFencedFrameElement.json
Outdated
| ], | ||
| "support": { | ||
| "chrome": { | ||
| "version_added": "117" |
There was a problem hiding this comment.
I found https://chromiumdash.appspot.com/commit/2469f173c9941d20dbbe3154cb4f7c51b88285ff, which suggests Chrome 114.
However, the commit message states:
As of this CL, the sandbox attribute for fenced frames is only used as a
check on embedder-initiated navigations: if the value of the sandbox
attribute doesn't permit the mandatory unsandboxed flags, the navigation
will fail in the renderer.
To me, this suggests that it's only partially implemented in that version?
The corresponding code comment is still in the sources today.
|
So, the reason the sandbox attribute only comes up now is that it was only recently added to the spec in WICG/fenced-frame#180. |
|
Hi everyone, The code comment refers to the fact that right now, we enforce a strict and exact set of sandboxing flags. Any fenced frames with a sandboxing flag set that's more restrictive will be blocked from loading, and anything that's less restrictive will be tightened to the predefined list. The comment is more an implementation detail that says that, since the strict set of sandboxing flags is already defined, we will just consult that list rather than looking at what was set in the element, but the overall behavior ends up being the same. The sandbox flag attribute was shipped with the base version of fenced frames (114 for that commit, 115 for shipping fenced frames as a whole), but we had forgotten to include sandboxing flags in the spec until a recent audit uncovered that gap. |
github-actions
bot
added
data:http
|
Thank you so much, @blu25! I've set all fencedframe features to Chrome 115. Unfortunately, for APIs gated behind enrollment, our compat data collection tool is not working accurately, so I think your information is more correct as opposed to what we see from our tests. (see openwebdocs/mdn-bcd-collector#986) |
caugner
changed the title
Looks like it is mentioned with the original implementation issue: https://issues.chromium.org/issues/40053214, so setting to 117. (collector says it would be 126 but I didn't find any evidence for that.)