- From: <bugzilla@jessica.w3.org>
- Date: Mon, 10 Jan 2011 22:33:51 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=11429
Ian 'Hixie' Hickson <ian@hixie.ch> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |ian@hixie.ch
Resolution| |FIXED
--- Comment #1 from Ian 'Hixie' Hickson <ian@hixie.ch> 2011-01-10 22:33:50 UTC ---
Only if the iframe also has allow-same-origin set, because if it does not, the
origin of the script is the origin of the sandboxed browsing context, which is
different than the origin of the top-level browsing context.
Having said that, it's an interesting point that sandbox="allow-same-origin
allow-top-navigation" essentially enabled scripting. So I fixed that.
EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are
satisfied with this response, please change the state of this bug to CLOSED. If
you have additional information and would like the editor to reconsider, please
reopen this bug. If you would like to escalate the issue to the full HTML
Working Group, please add the TrackerRequest keyword to this bug, and suggest
title and text for the tracker issue; or you may create a tracker issue
yourself, if you are able to do so. For more details, see this document:
http://dev.w3.org/html5/decision-policy/decision-policy.html
Status: Partially Accepted
Change Description: see diff given below
Rationale: see above
--
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Monday, 10 January 2011 22:33:52 UTC