W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > January 2011

[Bug 11429] If allow-top-navigation is set, can the content navigate to a javascript url to run scripts in the parent domain?

From: <bugzilla@jessica.w3.org>
Date: Mon, 10 Jan 2011 22:33:51 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1PcQJD-00060y-Dg@jessica.w3.org>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=11429

Ian 'Hixie' Hickson <ian@hixie.ch> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |ian@hixie.ch
         Resolution|                            |FIXED

--- Comment #1 from Ian 'Hixie' Hickson <ian@hixie.ch> 2011-01-10 22:33:50 UTC ---
Only if the iframe also has allow-same-origin set, because if it does not, the
origin of the script is the origin of the sandboxed browsing context, which is
different than the origin of the top-level browsing context.

Having said that, it's an interesting point that sandbox="allow-same-origin
allow-top-navigation" essentially enabled scripting. So I fixed that.


EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are
satisfied with this response, please change the state of this bug to CLOSED. If
you have additional information and would like the editor to reconsider, please
reopen this bug. If you would like to escalate the issue to the full HTML
Working Group, please add the TrackerRequest keyword to this bug, and suggest
title and text for the tracker issue; or you may create a tracker issue
yourself, if you are able to do so. For more details, see this document:
   http://dev.w3.org/html5/decision-policy/decision-policy.html

Status: Partially Accepted
Change Description: see diff given below
Rationale: see above

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Monday, 10 January 2011 22:33:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 10 January 2011 22:33:55 GMT