[Bug 12393] Add "allow-popups" for iframe@sandbox from bugzilla@jessica.w3.org on 2011-11-10 (public-html-bugzilla@w3.org from November 2011)

From: <bugzilla@jessica.w3.org>
Date: Thu, 10 Nov 2011 01:49:47 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1ROJlz-00008r-OS@jessica.w3.org>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=12393

--- Comment #14 from Jacob Rossi [MSFT] <jrossi@microsoft.com> 2011-11-10 01:49:47 UTC ---
(In reply to comment #13)
> That's slightly different from the discussion in public-web-security about CSP.
>  IMHO, we should tackle the CSP issues separately.

Ack.  I was still thinking about CSP when I wrote this--didn't mean to mix.  My
comment also applies to popups created from a sandboxed frame:

The popup inherits the same restrictions.  Navigations from within the page
continue to have the sandbox restrictions.  User navigations from the address
bar clear the restrictions.

Child frames within the popups also inherit the sandbox restrictions (same way
as child frames in the sandbox iframe).

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Thursday, 10 November 2011 01:49:53 UTC