Re: CSP Directive Proposal: Sandbox

From: gaz Heyes <gazheyes@gmail.com>
Date: Mon, 21 Feb 2011 18:41:11 +0000
Message-ID: <AANLkTin-mzmtH3AdSSgUM0BLKVY-0_v_0UGpq0KMxR6f@mail.gmail.com>
To: Adam Barth <w3c@adambarth.com>
Cc: public-web-security@w3.org

On 21 February 2011 18:18, Adam Barth <w3c@adambarth.com> wrote:

> I'm not sure I understand.  Are you assuming that the document is
> loaded in the top-most frame?
>

Maybe we're talking about different things but if allow-top-navigation
exists in the CSP policy then I assume by default it isn't allowed.
Therefore any clicks/redirections to a different domain with a new CSP
policy that allows top redirects would break the policy of the original CSP
server.
Received on Monday, 21 February 2011 18:41:44 GMT
