[whatwg] @sandbox and navigation top

Michal Zalewski lcamtuf at coredump.cx
Sat Feb 13 00:08:13 PST 2010


> Perhaps we want an "allow-frame-busting" directive?  In the
> implementation we have an "allow-navigation" bit that covers
> navigation |top| as well as window.open, etc.  Maybe we want a more
> general directive that twiddles this bit?

I'm wondering if sites want to have control over the type of
navigation: navigating the top-level context versus opening a new
window? In particular, I am thinking about ads in embeddable gadgets
(on social sites, or in places such as Docs, Wave, etc): you do not
want the gadget to interfere with the presentation of the page by
triggering disruptive and unsolicited top frame transitions (as this
could be used for a crude DoS - in fact, IIRC, there is some history
along these lines), but you may bey OK with a pop-up ad following a
click.

/mz



More information about the whatwg mailing list