W3C home > Mailing lists > Public > public-html@w3.org > March 2011

[Bug 12393] New: http://dev.w3.org/html5/spec/Overview.html#attr-iframe-sandbox

From: <bugzilla@jessica.w3.org>
Date: Tue, 29 Mar 2011 07:12:55 +0000
To: public-html@w3.org
Message-ID: <bug-12393-2495@http.www.w3.org/Bugs/Public/>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=12393

           Summary: http://dev.w3.org/html5/spec/Overview.html#attr-iframe
                    -sandbox
           Product: HTML WG
           Version: unspecified
          Platform: PC
        OS/Version: Windows NT
            Status: NEW
          Severity: normal
          Priority: P2
         Component: HTML5 spec (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: jrossi@microsoft.com
         QAContact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-wg-issue-tracking@w3.org,
                    public-html@w3.org


There's currently no way for a sandboxed iframe to generate popups (which for
some mashup scenarios, may be valid). We should add an "allow-popups" token for
the sandbox attribute.

When set, window.open(), showModalDialog() [1], and links with target=”_blank”
would be allowed. However, the newly created browsing contexts should inherit
the sandbox restrictions of the context from which the popup was created.

[1] http://www.w3.org/Bugs/Public/show_bug.cgi?id=12391

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Received on Tuesday, 29 March 2011 07:12:57 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:39:23 UTC