[whatwg] External link and new window policy [was: @sandbox and navigation top]
Markus Ernst
derernst at gmx.ch
Sat Feb 13 04:24:49 PST 2010
Maciej Stachowiak schrieb:
>
> On Feb 12, 2010, at 11:54 PM, Adam Barth wrote:
>
>> On Fri, Feb 12, 2010 at 11:48 PM, Michal Zalewski
>> <lcamtuf at coredump.cx> wrote:
>>>> Can a frame in @sandbox ever navigation the top-level frame? If not,
>>>> that would make it hard to use @sandbox to contain advertisements,
>>>> which want to navigate |top| when the user clicks on the ad.
>>>
>>> Ads would want to be able to do that, but user-controlled gadgets
>>> shouldn't. I suppose the top-level page should be able to specify, and
>>> the entire @sandbox chain would need to be traversed to make the call
>>> (so that @sandbox included on example.com that is prohibited from
>>> messing with the top-level frame can't just create a nested frame
>>> without the restriction, and bypass the check).
>>>
>>> I assume that chain-style checking is already a part of the spec, as
>>> we obviously don't want other restrictions to be removed in a similar
>>> manner?
>>
>> Yes, the sandbox restrictions collect in subframes.
>>
>> Perhaps we want an "allow-frame-busting" directive? In the
>> implementation we have an "allow-navigation" bit that covers
>> navigation |top| as well as window.open, etc. Maybe we want a more
>> general directive that twiddles this bit?
>
> Some may want to have a directive that allows only opening new windows
> and not navigating the top level. This is the policy Caja tries to
> enforce by default for instance. For ads I could imagine wanting only
> top-level navigation and not window opening. So maybe this should be two
> flags.
An "allow-navigation" directive should IMO be ok. Given that a
navigation element is allowed in the context, the user experience should
actually not differ whether it is clicked in a sandboxed context or not.
Some off-topic thoughts about this:
Most non-academic websites apply target="_blank" on all external links.
In order to allow a consistent user experience, it might be worth to
encourage UAs to offer the following user settings:
1. "Open new tabs rather than windows"
This should not only apply to windows opened with target="_blank" (as it
is already possible e.g. in Firefox), but also to the ones opened by
window.open().
2. "Always open links to other domains in a new tab" (resp. window, if
the above option is not set)
I would even encourage to set this as the default, as it is a de-facto
standard at least in commercial and community websites.
More information about the whatwg
mailing list