- From: <bugzilla@jessica.w3.org>
- Date: Tue, 29 Mar 2011 07:02:15 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=12391 Summary: showModalDialog() should be blocked by sandbox attribute Product: HTML WG Version: unspecified Platform: PC URL: http://dev.w3.org/html5/spec/Overview.html#dom-showmod aldialog OS/Version: Windows NT Status: NEW Severity: normal Priority: P2 Component: HTML5 spec (editor: Ian Hickson) AssignedTo: ian@hixie.ch ReportedBy: jrossi@microsoft.com QAContact: public-html-bugzilla@w3.org CC: mike@w3.org, public-html-wg-issue-tracking@w3.org, public-html@w3.org >From the current spec text, it's not clear that window.showModalDialog( ) should be blocked inside a sandboxed iframe. It seems that it should follow in the same suit as window.open(). showModalDialog() should be added to the sentence "This flag also prevents content from creating new auxiliary browsing contexts, e.g. using the target attribute or the window.open() method." [1] Additionally, in the steps for executing showModalDialog [2], the first step should indicate that the UA should abort these steps if the "sandboxed navigation browsing context flag" is set. [1] http://dev.w3.org/html5/spec/Overview.html#attr-iframe-sandbox [2] http://dev.w3.org/html5/spec/Overview.html#dom-showmodaldialog -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.
Received on Tuesday, 29 March 2011 07:02:17 UTC