HTML-ISSUE-180 (allowpopups): Add "allow-popups" for iframe@sandbox [HTML 5 spec] from HTML Weekly Issue Tracker on 2011-10-03 (public-html-wg-issue-tracking@w3.org from October 2011)

From: HTML Weekly Issue Tracker <sysbot+tracker@w3.org>
Date: Mon, 03 Oct 2011 23:07:49 +0000
To: public-html-wg-issue-tracking@w3.org
Message-Id: <E1RArbx-0001EZ-JV@barney.w3.org>

HTML-ISSUE-180 (allowpopups): Add "allow-popups" for iframe@sandbox [HTML 5 spec]

http://www.w3.org/html/wg/tracker/issues/180

Raised by: Adrian Bateman
On product: HTML 5 spec

This issue was raised on behalf of Jacob Rossi, based on the following bug: http://www.w3.org/Bugs/Public/show_bug.cgi?id=12393

----

There's currently no way for a sandboxed iframe to generate popups (which for
some mashup scenarios, may be valid). We should add an "allow-popups" token for
the sandbox attribute.

When set, window.open(), showModalDialog() [1], and links with target=”_blank”
would be allowed. However, the newly created browsing contexts should inherit
the sandbox restrictions of the context from which the popup was created.

Here's one good use case:

A site sandboxes a maps widget. The maps widget offers options to launch a
popup for a larger map or for finding directions.

By default in both Chrome and IE10, the popups are blocked. Using allow-popups
enables the control to work as expected while still sandboxing the widget in
the other ways.

[1] http://www.w3.org/Bugs/Public/show_bug.cgi?id=12391

Received on Monday, 3 October 2011 23:07:58 UTC