W3C home > Mailing lists > Public > public-web-security@w3.org > February 2011

Re: CSP Directive Proposal: Sandbox

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 23 Feb 2011 02:03:51 -0800
Message-ID: <AANLkTinY21K8T+vLF_nGMHS8hJLQ-wvEwvpH8U2-4pin@mail.gmail.com>
To: gaz Heyes <gazheyes@gmail.com>
Cc: "sird@rckc.at" <sird@rckc.at>, public-web-security@w3.org
On Wed, Feb 23, 2011 at 1:43 AM, gaz Heyes <gazheyes@gmail.com> wrote:
> On 22 February 2011 09:57, Adam Barth <w3c@adambarth.com> wrote:
>> >> The unique origin does not use the about scheme.
>> >
>> > What does it use?
>>
>> There's no way to tell.  In WebKit, it's just a Boolean flag that says
>> "this origin is unique."
>
> Ok if the origin is unique and doesn't use modify the url. How would iframe
> sandboxes communicate with the parent or each other? Since potentially they
> could all be part of the same location and since all messages would return
> the same origin.

I'm not sure I understand your question.  There are lots of ways for
to communicate with cross-origin iframes.  For example, postMessage
works well.  Please feel free to play with the implementation.

Adam
Received on Wednesday, 23 February 2011 10:04:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 23 February 2011 10:04:58 GMT