W3C home > Mailing lists > Public > whatwg@whatwg.org > August 2013

Re: [whatwg] Comments on <dialog>

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 22 Aug 2013 05:50:29 +0000 (UTC)
To: Elliott Sprehn <esprehn@chromium.org>
Message-ID: <alpine.DEB.2.00.1308220550010.5474@ps20323.dreamhostps.com>
Cc: Matt Falkenhagen <falken@chromium.org>, WHATWG <whatwg@lists.whatwg.org>, "Tab Atkins Jr." <jackalmage@gmail.com>
On Wed, 21 Aug 2013, Elliott Sprehn wrote:
> On Wed, Aug 21, 2013 at 3:58 PM, Ian Hickson <ian@hixie.ch> wrote:
> > >
> > > Hm, I was given to understand that it *was* intended that dialogs be 
> > > able to escape iframes through some mechanism.
> >
> > That isn't specced currently. I'm not 100% I understand how it would 
> > work (I guess it would need a lot of infrastructure from CSS?), but 
> > I'm happy to do it if there's demand and if the CSS side is figured 
> > out.
>
> Matt and I discussed this and I don't think we need it anymore. I've 
> also discussed it with security folks and they're not super comfortable 
> allowing a nested iframe to show arbitrary content over the main frame. 
> Specifically this gives non-sandboxes iframes superpowers they didn't 
> have before (so we'd need a special new attribute) and we'd need to show 
> info bars to notify the user of the origin of the dialog... even then 
> it's scary because the content seen under the ::backdrop is from a 
> different origin than the dialog itself.

Yeah if we did this at all it would have to be limited to same-origin 
iframes, at which point it's not clear how useful it is anyway.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 22 August 2013 05:50:56 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:23 UTC