W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > January 2011

[Bug 11429] If allow-top-navigation is set, can the content navigate to a javascript url to run scripts in the parent domain?

From: <bugzilla@jessica.w3.org>
Date: Mon, 10 Jan 2011 22:34:16 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1PcQJc-00061Z-Q9@jessica.w3.org>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=11429

--- Comment #2 from contributor@whatwg.org 2011-01-10 22:34:16 UTC ---
Checked in as WHATWG revision r5756.
Check-in comment: Ensure that sandbox='allow-same-origin allow-top-navigation'
doesn't allow sandboxed pages to run scripts 'by proxy' (through the top-level
browsing context)
http://html5.org/tools/web-apps-tracker?from=5755&to=5756

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Monday, 10 January 2011 22:34:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 10 January 2011 22:34:59 GMT