Re: CSP Directive Proposal: Sandbox from gaz Heyes on 2011-02-21 (public-web-security@w3.org from February 2011)

From: gaz Heyes <gazheyes@gmail.com>
Date: Mon, 21 Feb 2011 11:59:41 +0000
To: Adam Barth <w3c@adambarth.com>
Cc: public-web-security@w3.org
Message-ID: <AANLkTimzecz8MD=R31PmKMyODL0TnKwOi-a+o4kr+H1t@mail.gmail.com>

On 21 February 2011 10:38, Adam Barth <w3c@adambarth.com> wrote:

> sandbox-policy = "" / sandbox-flag *( 1*LWS sandbox-flag )
> sandbox-flag = "allow-same-origin" / "allow-top-navigation" /
> "allow-forms" / "allow-scripts"
>

Isn't top navigation pointless from a CSP context? Since we can redirect to
another location that doesn't have a CSP enabled policy then change the top
location?

Received on Monday, 21 February 2011 12:00:13 UTC