W3C home > Mailing lists > Public > public-web-security@w3.org > February 2011

Re: CSP Directive Proposal: Sandbox

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 21 Feb 2011 10:18:58 -0800
Message-ID: <AANLkTim0DuBZ=vO2FcLkFwEs7O=dYGRsTLNZcgMtqBG8@mail.gmail.com>
To: gaz Heyes <gazheyes@gmail.com>
Cc: public-web-security@w3.org
On Mon, Feb 21, 2011 at 3:59 AM, gaz Heyes <gazheyes@gmail.com> wrote:
> On 21 February 2011 10:38, Adam Barth <w3c@adambarth.com> wrote:
>> sandbox-policy = "" / sandbox-flag *( 1*LWS sandbox-flag )
>> sandbox-flag = "allow-same-origin" / "allow-top-navigation" /
>> "allow-forms" / "allow-scripts"
>
> Isn't top navigation pointless from a CSP context? Since we can redirect to
> another location that doesn't have a CSP enabled policy then change the top
> location?

I'm not sure I understand.  Are you assuming that the document is
loaded in the top-most frame?

Adam
Received on Monday, 21 February 2011 18:20:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 21 February 2011 18:20:04 GMT