W3C home > Mailing lists > Public > public-html-diffs@w3.org > January 2011

hixie: Ensure that sandbox='allow-same-origin allow-top-navigation' doesn't allow sandboxed pages to run scripts 'by proxy' (through the top-level browsing context) (whatwg r5756)

From: poot <cvsmail@w3.org>
Date: Tue, 11 Jan 2011 21:44:03 -0500
To: public-html-diffs@w3.org
Message-Id: <E1Pcqgt-0000FW-2I@jay.w3.org>
hixie: Ensure that sandbox='allow-same-origin allow-top-navigation'
doesn't allow sandboxed pages to run scripts 'by proxy' (through the
top-level browsing context) (whatwg r5756)

http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.4616&r2=1.4617&f=h
http://html5.org/tools/web-apps-tracker?from=5755&to=5756

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.4616
retrieving revision 1.4617
diff -u -d -r1.4616 -r1.4617
--- Overview.html	10 Jan 2011 22:08:27 -0000	1.4616
+++ Overview.html	10 Jan 2011 22:34:08 -0000	1.4617
@@ -47949,6 +47949,16 @@
     <p>Use the appropriate step from the following list:</p>
 
     <dl><dt>If a <a href="#browsing-context">browsing context</a> is being <a href="#navigate" title="navigate">navigated</a> to a <code>javascript:</code>
+     URL, and the <a href="#source-browsing-context">source browsing context</a> for that
+     navigation, if any, has <a href="#concept-bc-noscript" title="concept-bc-noscript">scripting disabled</a></dt>
+
+     <dd>
+
+      <p>Let <var title="">result</var> be void.</p>
+
+     </dd>
+
+     <dt>If a <a href="#browsing-context">browsing context</a> is being <a href="#navigate" title="navigate">navigated</a> to a <code>javascript:</code>
      URL, and the <a href="#active-document">active document</a> of that browsing
      context has the <a href="#same-origin">same origin</a> as the script given by
      that URL</dt>
Received on Wednesday, 12 January 2011 02:44:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 12 January 2011 04:12:17 GMT