Features/Platform/CSP Sandbox

From MozillaWiki
Jump to: navigation, search
Please use "Edit with form" above to edit this page.

Status

CSP Sandbox
Stage Development
Status In progress
Release target `
Health OK
Status note Sandbox is currently part of the CSP 1.1 spec

Team

Product manager Sid Stamm
Directly Responsible Individual Devdatta Akhawe
Lead engineer `
Security lead Daniel Veditz
Privacy lead Sid Stamm
Localization lead `
Accessibility lead `
QA lead `
UX lead `
Product marketing lead `
Operations lead `
Additional members Tanvi Vyas, Devdatta Akhawe

Open issues/risks

  • need iframe sandbox (bug 341604) to land

Stage 1: Definition

1. Feature overview

2. Users & use cases

The CSP sandbox attribute is designed to allow sandboxing of content that cannot necessarily be wrapped in an iframe sandbox, or that can be accessed directly, avoiding any sandboxing that may be done by a containing iframe.

3. Dependencies

Requires the sandboxing infrastructure from https://wiki.mozilla.org/Features/Platform/Iframe_Sandbox

4. Requirements

Comply with the CSP spec's description of this feature

Non-goals

`

Stage 2: Design

5. Functional specification

`

6. User experience design

`

Stage 3: Planning

7. Implementation plan

`

8. Reviews

Security review

`

Privacy review

`

Localization review

`

Accessibility

`

Quality Assurance review

`

Operations review

`

Stage 4: Development

9. Implementation

`

Stage 5: Release

10. Landing criteria

`


Feature details

Priority P3
Rank 999
Theme / Goal Security Leadership
Roadmap Security
Secondary roadmap Platform
Feature list `
Project `
Engineering team Security

Team status notes

  status notes
Products ` `
Engineering ` `
Security ` `
Privacy ` `
Localization ` `
Accessibility ` `
Quality assurance ` `
User experience ` `
Product marketing ` `
Operations ` `