- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Thu, 9 Jul 2015 08:28:03 -0700
- To: Mike West <mkwst@google.com>
- Cc: David Bruant <bruant.d@gmail.com>, Chris Coyier <chriscoyier@gmail.com>, WHAT Working Group Mailing List <whatwg@whatwg.org>, Boris Zbarsky <bzbarsky@mit.edu>, Alex Russell <slightlyoff@google.com>, Ian Hickson <ian@hixie.ch>
On Mon, Jul 6, 2015 at 2:47 AM, Mike West <mkwst@google.com> wrote:
> I've dropped the opener/openee-disowning behavior from my proposal,
> and renamed the sandboxing keyword to `allow-popups-to-escape-sandbox` in
>
> https://wiki.whatwg.org/index.php?title=Iframe_sandbox_improvments&diff=9958&oldid=9955
It appears that this new keyword as described would still require the use
of allow-popups in addition to allow-popups-to-escape-sandbox. Since it
doesn't make any sense on its own can you change it so that either keyword
allows popups to happen? That it, propose changing
[Set] The sandboxed auxiliary navigation browsing context flag
<https://developers.whatwg.org/origin-0.html#sandboxed-auxiliary-navigation-browsing-context-flag>,
unless tokens
contains the allow-popups keyword.
to
[Set] The sandboxed auxiliary navigation browsing context flag
<https://developers.whatwg.org/origin-0.html#sandboxed-auxiliary-navigation-browsing-context-flag>,
unless tokens
contains the allow-popups or *allow-popups-to-escape-sandbox* keyword.
(might then require changing -to-escape- to -that-escape-)
You question to bz was "can you live with it", and I can live with it. I
wish it could be shorter, but my attempts (allow-popups-unsandboxed or
allow-unsandboxed-popups) weren't much shorter. Keeping "allow popups" in
there is good, especially if it can be used in place of regular
allow-popups. using the word "sandbox" is better than anything about
"auxiliary contexts".
-
Dan Veditz
Received on Thursday, 9 July 2015 15:28:30 UTC