- From: <bugzilla@jessica.w3.org>
- Date: Thu, 10 Nov 2011 01:22:20 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=12393 --- Comment #12 from Jacob Rossi [MSFT] <jrossi@microsoft.com> 2011-11-10 01:22:18 UTC --- (In reply to comment #11) > Another subtly is whether the sandbox flags get applied to the main frame of > the popup or to the document (i.e., whether subsequent documents that inhabit > the frame are sandboxed). WebKit applies the sandbox bits to the frame so that > future documents in that frame also are sandboxed. > > If the user navigates via the browser's location bar, the bits a cleared > because the new document is loaded into a "new" frame. IE10 follows a similar design. Navigations from within the page with CSP (clicking a link, window.location=foo, window.open(foo,"_self"), etc.) persist the restrictions. However, if the user navigates with the address bar then the sandbox bits are cleared. Child frames within a document with a CSP sandbox header also inherit those restrictions (in the same way a child frame of a sandboxed iframe inherit sandbox flags per HTML5). -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.
Received on Thursday, 10 November 2011 01:22:37 UTC