Features/Platform/CSP Sandbox

From MozillaWiki
< Features‎ | Platform
Revision as of 18:34, 1 May 2012 by Imelven (talk | contribs) (Created page with "{{FeatureStatus |Feature name=CSP Sandbox |Feature stage=Draft |Feature health=OK |Feature status note=The CSP 1.0 spec is being finalized - some folks would like sandbox to go i...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Please use "Edit with form" above to edit this page.

Status

CSP Sandbox
Stage Draft
Status `
Release target `
Health OK
Status note The CSP 1.0 spec is being finalized - some folks would like sandbox to go into CSP 1.0 while so far Mozilla has asked for it to be deferred until CSP 1.1

{{#set:Feature name=CSP Sandbox

|Feature stage=Draft |Feature status=` |Feature version=` |Feature health=OK |Feature status note=The CSP 1.0 spec is being finalized - some folks would like sandbox to go into CSP 1.0 while so far Mozilla has asked for it to be deferred until CSP 1.1 }}

Team

Product manager Lucas Adamski
Directly Responsible Individual Ian Melven
Lead engineer Ian Melven
Security lead Daniel Veditz
Privacy lead Sid Stamm
Localization lead `
Accessibility lead `
QA lead `
UX lead `
Product marketing lead `
Operations lead `
Additional members Tanvi Vyas

{{#set:Feature product manager=Lucas Adamski

|Feature feature manager=Ian Melven |Feature lead engineer=Ian Melven |Feature security lead=Daniel Veditz |Feature privacy lead=Sid Stamm |Feature localization lead=` |Feature accessibility lead=` |Feature qa lead=` |Feature ux lead=` |Feature product marketing lead=` |Feature operations lead=` |Feature additional members=Tanvi Vyas }}

Open issues/risks

  • waiting to see what happens with CSP sandbox going into CSP 1.0 vs CSP 1.1 spec
  • intersection of CSP sandbox flags with iframe sandbox flags when both are specified

Stage 1: Definition

1. Feature overview

2. Users & use cases

The CSP sandbox attribute is designed to allow sandboxing of content that cannot necessarily be wrapped in an iframe sandbox, or that can be accessed directly, avoiding any sandboxing that may be done by a containing iframe.

3. Dependencies

Requires the sandboxing infrastructure from https://wiki.mozilla.org/Features/Platform/Iframe_Sandbox

4. Requirements

Comply with the CSP spec's description of this feature

Non-goals

`

Stage 2: Design

5. Functional specification

`

6. User experience design

`

Stage 3: Planning

7. Implementation plan

`

8. Reviews

Security review

`

Privacy review

`

Localization review

`

Accessibility

`

Quality Assurance review

`

Operations review

`

Stage 4: Development

9. Implementation

`

Stage 5: Release

10. Landing criteria

` {{#set:Feature open issues and risks=* waiting to see what happens with CSP sandbox going into CSP 1.0 vs CSP 1.1 spec

  • intersection of CSP sandbox flags with iframe sandbox flags when both are specified

|Feature overview=* https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#sandbox

|Feature users and use cases=The CSP sandbox attribute is designed to allow sandboxing of content that cannot necessarily be wrapped in an iframe sandbox, or that can be accessed directly, avoiding any sandboxing that may be done by a containing iframe. |Feature dependencies=Requires the sandboxing infrastructure from https://wiki.mozilla.org/Features/Platform/Iframe_Sandbox |Feature requirements=Comply with the CSP spec's description of this feature |Feature non-goals=` |Feature functional spec=` |Feature ux design=` |Feature implementation plan=` |Feature security review=` |Feature privacy review=` |Feature localization review=` |Feature accessibility review=` |Feature qa review=` |Feature operations review=` |Feature implementation notes=` |Feature landing criteria=` }}

Feature details

Priority P3
Rank 999
Theme / Goal `
Roadmap Security
Secondary roadmap Platform
Feature list `
Project `
Engineering team Security

{{#set:Feature priority=P3

|Feature rank=999 |Feature theme=` |Feature roadmap=Security |Feature secondary roadmap=Platform |Feature list=` |Feature project=` |Feature engineering team=Security }}

Team status notes

  status notes
Products ` `
Engineering ` `
Security ` `
Privacy ` `
Localization ` `
Accessibility ` `
Quality assurance ` `
User experience ` `
Product marketing ` `
Operations ` `

{{#set:Feature products status=`

|Feature products notes=` |Feature engineering status=` |Feature engineering notes=` |Feature security status=` |Feature security health=` |Feature security notes=` |Feature privacy status=` |Feature privacy notes=` |Feature localization status=` |Feature localization notes=` |Feature accessibility status=` |Feature accessibility notes=` |Feature qa status=` |Feature qa notes=` |Feature ux status=` |Feature ux notes=` |Feature product marketing status=` |Feature product marketing notes=` |Feature operations status=` |Feature operations notes=` }}


Retrieved from "https://wiki.allizom.org/index.php?title=Features/Platform/CSP_Sandbox&oldid=426123"