- From: Google <sysbot+gh@w3.org>
- Date: Wed, 09 Aug 2017 00:21:09 +0000
- To: public-secondscreen@w3.org
mfoltzgoogle has just created a new issue for https://github.com/w3c/presentation-api: == In receiver page, sandboxing flags do not fully block top-level navigation. == The steps to create a receiving browsing context set the _sandboxed top-level navigation browsing context flag_ [1]. According to the HTML 5.1 navigation algorithm [1], this only applies when nested browsing contexts attempt to navigate their top browsing context, so it does not make sense for the original receiving browsing context (only, possibly, nested browsing contexts inside it). We could also set the _sandboxed navigation browsing context flag_, which would block navigation for browsing contexts _other_ than the receiving browsing context. But I don't see a way to block a top-level browsing context from navigating itself - at least through the sandboxing flags defined in HTML. I would suggest removing the _sandboxed top-level navigation browsing context flag_ and adding a normative note that the receiving user agent should block top-level navigation that is not same-document, which should cover both navigation from top-level contexts and nested contexts. [1] https://www.w3.org/TR/html51/browsers.html#sandboxing [2] https://www.w3.org/TR/html51/browsers.html#allowed-to-navigate Please view or discuss this issue at https://github.com/w3c/presentation-api/issues/434 using your GitHub account
Received on Wednesday, 9 August 2017 00:21:14 UTC