[Bug 12391] New: showModalDialog() should be blocked by sandbox attribute from bugzilla@jessica.w3.org on 2011-03-29 (public-html@w3.org from March 2011)

From: <bugzilla@jessica.w3.org>
Date: Tue, 29 Mar 2011 07:02:15 +0000
To: public-html@w3.org
Message-ID: <bug-12391-2495@http.www.w3.org/Bugs/Public/>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=12391

           Summary: showModalDialog() should be blocked by sandbox
                    attribute
           Product: HTML WG
           Version: unspecified
          Platform: PC
               URL: http://dev.w3.org/html5/spec/Overview.html#dom-showmod
                    aldialog
        OS/Version: Windows NT
            Status: NEW
          Severity: normal
          Priority: P2
         Component: HTML5 spec (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: jrossi@microsoft.com
         QAContact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-wg-issue-tracking@w3.org,
                    public-html@w3.org


>From the current spec text, it's not clear that window.showModalDialog( )
should be blocked inside a sandboxed iframe. It seems that it should follow in
the same suit as window.open(). 

showModalDialog() should be added to the sentence "This flag also prevents
content from creating new auxiliary browsing contexts, e.g. using the target
attribute or the window.open() method." [1]

Additionally, in the steps for executing showModalDialog [2], the first step
should indicate that the UA should abort these steps if the "sandboxed
navigation browsing context flag" is set.


[1] http://dev.w3.org/html5/spec/Overview.html#attr-iframe-sandbox
[2] http://dev.w3.org/html5/spec/Overview.html#dom-showmodaldialog

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Received on Tuesday, 29 March 2011 07:02:17 UTC