Open NAndreasson opened 8 years ago
We discussed this on April 13 on https://gitter.im/w3c/webappsec-cowl
The short summary is that if a context has untainted children frames and then taints itself, it can leak data by resizing the iframe.
sensitive:...
to denote that data is very sensitive and should not be leaked via covert channels. This amounts to adding some more restrictions (e.g., you can't get tainted with this principal if you have untainted children).
Ties into issue #33
By creating an unconfined child context, before becoming confined, it is possible to leak secrets to it.
Leaking Information
Also there is a more "subtle" case where you indirectly change the size of the unconfined context.
Retrieving Information
From the unconfined frame it is possible to retrieve information via the width/height properties.
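To make the restriction discussed above concrete, here is an added toy model (not COWL's API and not code from this thread) of the rule that a context cannot take a sensitive label while it still has untainted children; `Context`, `createChild`, `taint` and the `sensitive` flag are names assumed for the model.

```javascript
// Added toy model of the restriction proposed in this thread: a context may not
// become confined under a label flagged "sensitive" while it still has untainted
// (unconfined) child frames, since it could then signal bits to them by resizing.
// Context, createChild, taint and the `sensitive` flag are names assumed for this
// model; they are not COWL's API.

class Context {
  constructor(name, label = null) {
    this.name = name;
    this.label = label;   // null means unconfined / public
    this.children = [];
  }

  isConfined() { return this.label !== null; }

  // Assumption of the model: a child created by a confined context starts out
  // with its creator's label, so only children made before confinement are untainted.
  createChild(name) {
    const child = new Context(name, this.label);
    this.children.push(child);
    return child;
  }

  untaintedChildren() {
    return this.children.filter((c) => !c.isConfined()).map((c) => c.name);
  }
}

// Attempt to confine ctx under label ({ principal, sensitive }).
// Returns { allowed: true } or { allowed: false, reason } and leaves ctx unchanged
// when the taint would open the frame-size covert channel.
function taint(ctx, label) {
  if (label.sensitive) {
    const leaky = ctx.untaintedChildren();
    if (leaky.length > 0) {
      return {
        allowed: false,
        reason: `${ctx.name} has untainted children (${leaky.join(', ')}) ` +
                `that could observe its frame size`,
      };
    }
  }
  ctx.label = label;
  return { allowed: true };
}
```

A non-sensitive label is still accepted with untainted children, matching the thread's view that the extra restriction applies only to the sensitive variant.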