[Bug 8528] "scripts are still prevented from creating popups", therefore shouldn't an "allow-popup" token also be included?

http://www.w3.org/Bugs/Public/show_bug.cgi?id=8528


Ian 'Hixie' Hickson <ian@hixie.ch> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX




--- Comment #1 from Ian 'Hixie' Hickson <ian@hixie.ch>  2010-01-06 10:46:55 ---
EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are
satisfied with this response, please change the state of this bug to CLOSED. If
you have additional information and would like the editor to reconsider, please
reopen this bug. If you would like to escalate the issue to the full HTML
Working Group, please add the TrackerRequest keyword to this bug, and suggest
title and text for the tracker issue; or you may create a tracker issue
yourself, if you are able to do so. For more details, see this document:
   http://dev.w3.org/html5/decision-policy/decision-policy.html

Status: Rejected
Change Description: no spec change
Rationale: If we allow popups, then it's trivial to break out of the sandbox.
There wouldn't be much point having the sandbox at all in that case. The only
way it could work is if the created popups also had all the sandboxing magic
propagated to them, which we could do — but before doing that, we should see
whether what we have so far is any good.


-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Wednesday, 6 January 2010 10:46:56 UTC