Re: [whatwg] Document referrer and script entry point

On 10/23/12 6:03 PM, Ian Hickson wrote:
> The navigation algorithm uses the sandbox flags from the source browsing
> context to determine whether the navigation is allowed, per the spec. I
> think it probably makes sense to change this to the entry script as well.

Hmm.  I'm not sure what's best here, honestly; I haven't thought that 
much about threat models for this.

> That's already the case, per spec. (The click() method causes, in due
> course, the activation behavior to trigger, which for <a> is defined as,
> in the simple case, "follow the hyperlink", which itself is defined as
> using the browsing context of the Document of the element as the source
> browsing context.)

Ah, perfect!


Received on Tuesday, 23 October 2012 22:30:31 UTC