W3C home > Mailing lists > Public > public-webapi@w3.org > November 2007

Re: Window pointer

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Fri, 23 Nov 2007 17:36:07 -0600
Message-ID: <474763E7.5060608@mit.edu>
To: Ian Hickson <ian@hixie.ch>
CC: public-webapi@w3.org

Ian Hickson wrote:
> Yes; at least according to the current HTML5 draft. The spec currently 
> splits navigation from rendering, so <iframe>s (and browsing contexts in 
> general) work the same mostly independent of their location.

I'm not sure we'll want to implement this in Gecko.

>> Is script allowed to run in that Window after that?
> 
> According to the current spec, yes.

Nor this, possibly.  In particular, the parent window chain can affect 
the security context of a window in various ways.  For example, it's 
possible to disable script on a window and all its descendant windows.

What I would suggest is that a window that is not in the DOM:

   1)  Does not allow navigation.
   2)  Does not allow script execution.

Possibly some other restrictions to make sure the behavior is sane from 
a security perspective....

-Boris
Received on Friday, 23 November 2007 23:36:25 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:58 GMT