W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > March 2011

[Bug 12391] New: showModalDialog() should be blocked by sandbox attribute

From: <bugzilla@jessica.w3.org>
Date: Tue, 29 Mar 2011 07:02:15 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-12391-2486@http.www.w3.org/Bugs/Public/>

           Summary: showModalDialog() should be blocked by sandbox
           Product: HTML WG
           Version: unspecified
          Platform: PC
               URL: http://dev.w3.org/html5/spec/Overview.html#dom-showmod
        OS/Version: Windows NT
            Status: NEW
          Severity: normal
          Priority: P2
         Component: HTML5 spec (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: jrossi@microsoft.com
         QAContact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-wg-issue-tracking@w3.org,

>From the current spec text, it's not clear that window.showModalDialog( )
should be blocked inside a sandboxed iframe. It seems that it should follow in
the same suit as window.open(). 

showModalDialog() should be added to the sentence "This flag also prevents
content from creating new auxiliary browsing contexts, e.g. using the target
attribute or the window.open() method." [1]

Additionally, in the steps for executing showModalDialog [2], the first step
should indicate that the UA should abort these steps if the "sandboxed
navigation browsing context flag" is set.

[1] http://dev.w3.org/html5/spec/Overview.html#attr-iframe-sandbox
[2] http://dev.w3.org/html5/spec/Overview.html#dom-showmodaldialog

Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Tuesday, 29 March 2011 07:02:17 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:45 UTC