W3C home > Mailing lists > Public > public-web-security@w3.org > February 2011

Re: CSP Directive Proposal: Sandbox

From: gaz Heyes <gazheyes@gmail.com>
Date: Mon, 21 Feb 2011 11:59:41 +0000
Message-ID: <AANLkTimzecz8MD=R31PmKMyODL0TnKwOi-a+o4kr+H1t@mail.gmail.com>
To: Adam Barth <w3c@adambarth.com>
Cc: public-web-security@w3.org
On 21 February 2011 10:38, Adam Barth <w3c@adambarth.com> wrote:

> sandbox-policy = "" / sandbox-flag *( 1*LWS sandbox-flag )
> sandbox-flag = "allow-same-origin" / "allow-top-navigation" /
> "allow-forms" / "allow-scripts"
>

Isn't top navigation pointless from a CSP context? Since we can redirect to
another location that doesn't have a CSP enabled policy then change the top
location?
Received on Monday, 21 February 2011 12:00:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 21 February 2011 12:00:14 GMT