W3C home > Mailing lists > Public > public-script-coord@w3.org > October to December 2012

Re: [whatwg] Document referrer and script entry point

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Tue, 23 Oct 2012 18:30:01 -0400
Message-ID: <50871A69.8060400@mit.edu>
To: Ian Hickson <ian@hixie.ch>
CC: Bobby Holley <bobbyholley@gmail.com>, Adam Barth <w3c@adambarth.com>, public-script-coord@w3.org
On 10/23/12 6:03 PM, Ian Hickson wrote:
> The navigation algorithm uses the sandbox flags from the source browsing
> context to determine whether the navigation is allowed, per the spec. I
> think it probably makes sense to change this to the entry script as well.

Hmm.  I'm not sure what's best here, honestly; I haven't thought that 
much about threat models for this.

> That's already the case, per spec. (The click() method causes, in due
> course, the activation behavior to trigger, which for <a> is defined as,
> in the simple case, "follow the hyperlink", which itself is defined as
> using the browsing context of the Document of the element as the source
> browsing context.)

Ah, perfect!

-Boris
Received on Tuesday, 23 October 2012 22:30:31 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 8 May 2013 19:30:07 UTC