Reputation: 45589
The sandbox attribute added for iFrame elements in HTML5 spec renders any frame breaking/busting/killing method null in modern browsers (tested with current version of Chrome & Safari) if the flag allow-top-navigation is not set, even if the flags allow-forms and allow-scripts are present.
- Any JavaScript method out there, such as if(top != self) top.location.replace(location);
- Triggering a submit event on a form with the target="_top" attribute
- Triggering a click event on an anchor element with the target="_top" attribute. In fact, anchor elements with the target="_top" attribute are rendered useless. So, a nice message to advise users to take action won't work either (as shown in this Flickr iFrame example).
I want a way to break out of frames on modern browsers, which have implemented the sandbox attribute for iFrames with the flags allow-forms and allow-scripts present?
Seems like they have just given the missing pieces of a puzzle to all black hats with this attribute.
I am looking for a solution, which will break out of frames. Not for a solution, which won't display the site inside frames (such as X-Frame-Options response header) or using CSS to hide the body and such.
Upvotes: 9
Views: 5867
Reputation: 10522
I am afraid that you won't find a solution, as the point of the sandbox is that you can't break out of it.
If there was a hack to break out, it would be classified as a security issue by the vendor and patched quickly.
Upvotes: 7
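
As an added example (not part of either post): since a sandboxed frame without allow-top-navigation cannot navigate its parent, a page whose scripts still run (allow-scripts) can at least fail closed, keeping its content hidden whenever it is not the top-level document. `framingGuard` and `fakeWindow` are hypothetical names, and the fake window is a constructed stand-in so the logic runs outside a browser; whether a blocked navigation throws or is silently ignored varies by browser, so the code treats both the same way.

```javascript
// Fail-closed framing guard. In a real page, call framingGuard(window)
// from a script in <head>, before any content is painted.
function framingGuard(win) {
  const root = win.document.documentElement;
  // Hide everything first; content is revealed only when proven top-level.
  root.style.display = "none";

  if (win.self === win.top) {
    root.style.display = "";
    return "top-level";
  }

  try {
    // Classic frame buster. A sandbox without allow-top-navigation blocks
    // this call: some browsers throw, others ignore it silently.
    win.top.location.replace(win.location.href);
  } catch (e) {
    return "framed-navigation-blocked"; // content stays hidden
  }
  // Either the navigation is under way (this page reloads as top-level)
  // or it was silently dropped; in both cases nothing is rendered here.
  return "framed-navigation-requested";
}

// Constructed stand-in for a browser window (test helper, not a browser API).
function fakeWindow(framed, sandboxed) {
  const win = {
    document: { documentElement: { style: { display: "" } } },
    location: { href: "https://site.example/page" },
  };
  win.self = win;
  win.top = !framed ? win : {
    navigatedTo: null,
    location: {
      replace(url) {
        if (sandboxed) throw new Error("SecurityError (constructed)");
        win.top.navigatedTo = url;
      },
    },
  };
  return win;
}
```

The guard only limits what a framing page can show; it does not stop the document from being loaded in the frame.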