[whatwg] @sandbox and navigation top
Michal Zalewski
lcamtuf at coredump.cx
Fri Feb 12 23:48:51 PST 2010
> Can a frame in @sandbox ever navigation the top-level frame? If not,
> that would make it hard to use @sandbox to contain advertisements,
> which want to navigate |top| when the user clicks on the ad.
Ads would want to be able to do that, but user-controlled gadgets
shouldn't. I suppose the top-level page should be able to specify, and
the entire @sandbox chain would need to be traversed to make the call
(so that @sandbox included on example.com that is prohibited from
messing with the top-level frame can't just create a nested frame
without the restriction, and bypass the check).
I assume that chain-style checking is already a part of the spec, as
we obviously don't want other restrictions to be removed in a similar
manner?
/mz
More information about the whatwg
mailing list