W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > November 2011

[Bug 12393] Add "allow-popups" for iframe@sandbox

From: <bugzilla@jessica.w3.org>
Date: Thu, 10 Nov 2011 01:49:47 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1ROJlz-00008r-OS@jessica.w3.org>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=12393

--- Comment #14 from Jacob Rossi [MSFT] <jrossi@microsoft.com> 2011-11-10 01:49:47 UTC ---
(In reply to comment #13)
> That's slightly different from the discussion in public-web-security about CSP.
>  IMHO, we should tackle the CSP issues separately.

Ack.  I was still thinking about CSP when I wrote this--didn't mean to mix.  My
comment also applies to popups created from a sandboxed frame:

The popup inherits the same restrictions.  Navigations from within the page
continue to have the sandbox restrictions.  User navigations from the address
bar clear the restrictions.

Child frames within the popups also inherit the sandbox restrictions (same way
as child frames in the sandbox iframe).

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Thursday, 10 November 2011 01:49:53 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 10 November 2011 01:49:53 GMT