Abstract
Web applications sometimes need to render untrusted content such as user-uploaded files or data from third-party providers. A common approach is to isolate this content on a dedicated sandbox domain. However, a document served from the same sandbox domain can initiate attacks against other uploaded documents from that domain due to shared storage and insufficient process isolation. This disclosure introduces safe-content frames (SCF), a technique to achieve strong isolation between same-site documents, thereby forestalling attacks between documents uploaded from the same site. A notable use case is user-generated content (UGC) where documents originating from unrelated authors are hosted on the same site. Per the techniques, a unique, cryptographically-secured origin for each piece of rendered content is created, and a domain on the public suffix list (PSL) is used to achieve robust, browser-enforced isolation. Integrity checks are implemented entirely on the client side, eliminating the need for a dedicated back-end service and simplifying deployment of the content-hosting solution.
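A minimal sketch of the per-content origin and client-side integrity check described in the abstract, as an added example that is not the authors' implementation. It assumes the origin label is the unpadded base32 SHA-256 of the content bytes; `scf.example` is a placeholder for a PSL-listed domain, and the function names are hypothetical.

```javascript
// Added illustration: the derivation scheme is an assumption, not the disclosure's own.
const nodeCrypto = require('node:crypto');

const ALPHABET = 'abcdefghijklmnopqrstuvwxyz234567'; // RFC 4648 base32, lowercased for DNS
const SANDBOX_SUFFIX = 'scf.example'; // placeholder for a domain on the public suffix list

// Unpadded base32: 32 hash bytes become 52 characters, under the 63-character label limit.
function base32(bytes) {
  let bits = 0, value = 0, out = '';
  for (const b of bytes) {
    value = ((value << 8) | b) & 0xffff; // bound the accumulator; only the low `bits` bits matter
    bits += 8;
    while (bits >= 5) {
      out += ALPHABET[(value >>> (bits - 5)) & 31];
      bits -= 5;
    }
  }
  if (bits > 0) out += ALPHABET[(value << (5 - bits)) & 31];
  return out;
}

// Each distinct document maps to its own hostname, and therefore its own origin.
function contentOrigin(content) {
  const digest = nodeCrypto.createHash('sha256').update(content).digest();
  return `https://${base32(digest)}.${SANDBOX_SUFFIX}`;
}

// Client-side integrity check, run inside the frame before anything is rendered:
// the hostname the frame was loaded on must be the one derived from the bytes received.
function mayRender(hostname, content) {
  const expected = new URL(contentOrigin(content)).hostname;
  return hostname.toLowerCase() === expected;
}

// Constructed sample documents from two unrelated authors.
const docA = Buffer.from('<p>report from author A</p>');
const docB = Buffer.from('<script>/* untrusted script from author B */</script>');
const hostA = new URL(contentOrigin(docA)).hostname;
console.log('origin for A:', contentOrigin(docA));
console.log('origin for B:', contentOrigin(docB));
console.log('A on its own host:', mayRender(hostA, docA));
console.log('B on the host of A:', mayRender(hostA, docB));
```

Because the suffix is on the PSL, each label counts as a separate site, so the browser keeps storage and process isolation apart for every document.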
Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Góra, Jan and Guðmundsson, Bjarki Ágúst, "Securely Rendering Untrusted Web Content", Technical Disclosure Commons, (October 15, 2025)
https://www.tdcommons.org/dpubs_series/8726