[whatwg] iframe sandbox allow-bottom-navigation

Nick Vidal nick at iss.im
Mon Sep 6 07:31:37 PDT 2010

In addition to allow-top-navigation for the iframe's sandbox
attribute, I propose the opposite: allow-bottom-navigation. This would
allow a parent document to have access to the iframe's
browsing-context (even when the user has navigate to a different

I'm building a Webtop (a Desktop Environment on top of the Web) that
allows users to navigate websites securely through iframes [note 1].
An iframe is necessary to protect the Webtop from being compromised by
an untrusted website.  However, this also restricts the Webtop from
accessing the browsing-context of the iframe.

The allow-bottom-navigation would permit the Webtop:

a) to provide independent navigation controls for each iframe [note 2];
b) to bookmark a website;
c) to save a session (i.e. to save all opened task windows, including
those that have an iframe).

I don't see any security risks, since the parent document would have
access only to the browsing context of the iframe. No other access
would be granted.

Best regards,

1) More information here: http://itop.iss.im/
2) As previously discussed here:

More information about the whatwg mailing list