This was actually detailed by Chromium’s Yao Xiao in a public Google Docs document where it was written, “Content providers should be able to restrict whether drive-by-downloads can be initiated for content in iframes. Thus, we plan to prevent downloads in sandboxed iframes that lack a user gesture, and this restriction could be lifted via an ‘allow-downloads-without-user-activation’ keyword, if present in the sandbox attribute list.”
This sounds like it would be an immensely useful tool at protecting users who might not otherwise be aware that such dangers exist. There is no word on when the feature is expected to be released, but we’ll keep an eye out for it.
Image source – Maxpixel.net