- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Fri, 23 Nov 2007 17:36:07 -0600
- To: Ian Hickson <ian@hixie.ch>
- CC: public-webapi@w3.org
Ian Hickson wrote: > Yes; at least according to the current HTML5 draft. The spec currently > splits navigation from rendering, so <iframe>s (and browsing contexts in > general) work the same mostly independent of their location. I'm not sure we'll want to implement this in Gecko. >> Is script allowed to run in that Window after that? > > According to the current spec, yes. Nor this, possibly. In particular, the parent window chain can affect the security context of a window in various ways. For example, it's possible to disable script on a window and all its descendant windows. What I would suggest is that a window that is not in the DOM: 1) Does not allow navigation. 2) Does not allow script execution. Possibly some other restrictions to make sure the behavior is sane from a security perspective.... -Boris
Received on Friday, 23 November 2007 23:36:25 UTC