[whatwg] Confirming understanding about window.location's interaction with sandboxed seamless iframes

Adam Barth w3c at adambarth.com
Wed Apr 11 23:18:25 PDT 2012

We ran into a tricky case in implementing seamless today, and I'd like
to make sure we did the right thing.  Consider the following markup:

<iframe seamless srcdoc="<script>window.location =

According to the rules for navigating seamless iframes, when the child
frame assigns to window.location, the browser will navigate the parent
frame.  Now, what happens if you add in sandbox:

<iframe seamless sandbox="allow-scripts"
srcdoc="<script>window.location =

In this case, navigating the parent is blocked because the sandbox
prevents the child from navigating it's parent.  Therefore, the
navigation just fails.  There's a full test case up on GitHub if
that's helpful to you:


Please let us know if we've misunderstood the interactions between
these three features.


More information about the whatwg mailing list