[whatwg] Comments on <dialog>
Ian Hickson
ian at hixie.ch
Wed Aug 21 22:50:29 PDT 2013
On Wed, 21 Aug 2013, Elliott Sprehn wrote:
> On Wed, Aug 21, 2013 at 3:58 PM, Ian Hickson <ian at hixie.ch> wrote:
> > >
> > > Hm, I was given to understand that it *was* intended that dialogs be
> > > able to escape iframes through some mechanism.
> >
> > That isn't specced currently. I'm not 100% I understand how it would
> > work (I guess it would need a lot of infrastructure from CSS?), but
> > I'm happy to do it if there's demand and if the CSS side is figured
> > out.
>
> Matt and I discussed this and I don't think we need it anymore. I've
> also discussed it with security folks and they're not super comfortable
> allowing a nested iframe to show arbitrary content over the main frame.
> Specifically this gives non-sandboxes iframes superpowers they didn't
> have before (so we'd need a special new attribute) and we'd need to show
> info bars to notify the user of the origin of the dialog... even then
> it's scary because the content seen under the ::backdrop is from a
> different origin than the dialog itself.
Yeah if we did this at all it would have to be limited to same-origin
iframes, at which point it's not clear how useful it is anyway.
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list