- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Tue, 23 Oct 2012 18:30:01 -0400
- To: Ian Hickson <ian@hixie.ch>
- CC: Bobby Holley <bobbyholley@gmail.com>, Adam Barth <w3c@adambarth.com>, public-script-coord@w3.org
On 10/23/12 6:03 PM, Ian Hickson wrote: > The navigation algorithm uses the sandbox flags from the source browsing > context to determine whether the navigation is allowed, per the spec. I > think it probably makes sense to change this to the entry script as well. Hmm. I'm not sure what's best here, honestly; I haven't thought that much about threat models for this. > That's already the case, per spec. (The click() method causes, in due > course, the activation behavior to trigger, which for <a> is defined as, > in the simple case, "follow the hyperlink", which itself is defined as > using the browsing context of the Document of the element as the source > browsing context.) Ah, perfect! -Boris
Received on Tuesday, 23 October 2012 22:30:31 UTC