[whatwg] Confirming understanding about window.location's interaction with sandboxed seamless iframes
w3c at adambarth.com
Wed Apr 11 23:39:32 PDT 2012
On Wed, Apr 11, 2012 at 11:35 PM, Ian Hickson <ian at hixie.ch> wrote:
> On Wed, 11 Apr 2012, Adam Barth wrote:
>> We ran into a tricky case in implementing seamless today, and I'd like
>> to make sure we did the right thing. Consider the following markup:
>> <iframe seamless srcdoc="<script>window.location =
>> According to the rules for navigating seamless iframes, when the child
>> frame assigns to window.location, the browser will navigate the parent
>> frame. Now, what happens if you add in sandbox:
>> <iframe seamless sandbox="allow-scripts"
>> srcdoc="<script>window.location =
>> In this case, navigating the parent is blocked because the sandbox
>> prevents the child from navigating it's parent.
> The blocking happens in step 2, which is before the seamless redirection
> which is in step 3, so in this case it's not blocked.
On #whatwg, Hixie pointed me to this table:
which looks quite helpful.
More information about the whatwg