From b96aee50e137ebc4bb4af6b783b7bab83128c244 Mon Sep 17 00:00:00 2001
From: Cheng Zhao <zcbenz@gmail.com>
Date: Mon, 10 Mar 2014 22:33:34 +0800
Subject: [PATCH 1/4] :memo: Mention that iframe is sandboxed by default.

---
 docs/api/browser/browser-window.md | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/docs/api/browser/browser-window.md b/docs/api/browser/browser-window.md
index 43ef062c3e..b2bfe83820 100644
--- a/docs/api/browser/browser-window.md
+++ b/docs/api/browser/browser-window.md
@@ -66,12 +66,15 @@ An example of enable node integration in iframe with `node-integration` set to
 <iframe src="http://jandan.net"></iframe>
 ```
 
-And you should also notice that the iframes can have access to parent window's
-javascript objects via `window.parent`, so in order to grant complete security
-from iframes, you should add `sandbox` attribute to the iframes:
+And in atom-shell, the security limitaion of iframe is stricter than normal
+browser, by default iframe is sandboxed with all permissions except the
+`allow-same-origin`, which means iframe could not access parent's js context.
+
+If you want to enable things like `parent.window.process.exit()` in iframe,
+you should explictly set `sandbox` to `none`:
 
 ```html
-<iframe sandbox="allow-scripts" src="http://bbs.seu.edu.cn"></iframe>
+<iframe sandbox="none" src="https://github.com"></iframe>
 ```
 
 ### Event: 'page-title-updated'

From 31b08a3ec68bac87b93a5b46bd1fa28e3e0ef6c0 Mon Sep 17 00:00:00 2001
From: Cheng Zhao <zcbenz@gmail.com>
Date: Mon, 10 Mar 2014 22:42:03 +0800
Subject: [PATCH 2/4] Update specs with new sandbox setting.

---
 spec/chromium-spec.coffee | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/spec/chromium-spec.coffee b/spec/chromium-spec.coffee
index 91461a3e00..f9be63079e 100644
--- a/spec/chromium-spec.coffee
+++ b/spec/chromium-spec.coffee
@@ -25,12 +25,14 @@ describe 'chromium feature', ->
       assert.equal b.constructor.name, 'BrowserWindow'
       b.destroy()
 
-  describe 'iframe with sandbox attribute', ->
-    it 'can not modify parent', (done) ->
-      page = path.join fixtures, 'pages', 'change-parent.html'
+  describe 'iframe', ->
+    page = path.join fixtures, 'pages', 'change-parent.html'
+
+    beforeEach ->
       global.changedByIframe = false
 
-      iframe = $('<iframe sandbox="allow-scripts">')
+    it 'can not modify parent by default', (done) ->
+      iframe = $('<iframe>')
       iframe.hide()
       iframe.attr 'src', "file://#{page}"
       iframe.appendTo 'body'
@@ -39,3 +41,14 @@ describe 'chromium feature', ->
         assert.equal global.changedByIframe, false
         done()
       setTimeout isChanged, 30
+
+    it 'can modify parent when sanbox is set to none', (done) ->
+      iframe = $('<iframe sandbox="none">')
+      iframe.hide()
+      iframe.attr 'src', "file://#{page}"
+      iframe.appendTo 'body'
+      isChanged = ->
+        iframe.remove()
+        assert.equal global.changedByIframe, true
+        done()
+      setTimeout isChanged, 30

From 89507a2524f779e1d781c289b8c824b79b66bffe Mon Sep 17 00:00:00 2001
From: Cheng Zhao <zcbenz@gmail.com>
Date: Mon, 10 Mar 2014 22:46:15 +0800
Subject: [PATCH 3/4] :lipstick: Remove console output.

---
 spec/fixtures/pages/change-parent.html | 1 -
 1 file changed, 1 deletion(-)

diff --git a/spec/fixtures/pages/change-parent.html b/spec/fixtures/pages/change-parent.html
index 6a60f6cf3c..f19c0ac766 100644
--- a/spec/fixtures/pages/change-parent.html
+++ b/spec/fixtures/pages/change-parent.html
@@ -1,7 +1,6 @@
 <html>
 <body>
 <script type="text/javascript" charset="utf-8">
-  console.log('ready2')
   window.parent.changedByIframe = true;
 </script>
 </body>

From 1c057c8ea1e75909e90992784cff177ea1cb294b Mon Sep 17 00:00:00 2001
From: Cheng Zhao <zcbenz@gmail.com>
Date: Mon, 10 Mar 2014 22:47:21 +0800
Subject: [PATCH 4/4] Update libchromiumcontent for iframe sandbox.

---
 script/lib/config.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/script/lib/config.py b/script/lib/config.py
index 2fa2034455..8bd05175aa 100644
--- a/script/lib/config.py
+++ b/script/lib/config.py
@@ -2,4 +2,4 @@
 
 NODE_VERSION = 'v0.11.10'
 BASE_URL = 'https://gh-contractor-zcbenz.s3.amazonaws.com/libchromiumcontent'
-LIBCHROMIUMCONTENT_COMMIT = '9c654df782c77449e7d8fa741843143145260aeb'
+LIBCHROMIUMCONTENT_COMMIT = '607907aed2c1dcdd3b5968a756a990ba3f47bca7'