- From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
- Date: Mon, 27 Feb 2017 13:12:31 +0000
- To: public-secondscreen@w3.org

Setting _sandboxed top-level navigation browsing context flag_ is indeed required to ensure integrity. The presentation is effectively a single-page application that must not be able to navigate. This should have been caught up in the security review, but better late than never. Good catch!

Looking at the _sandboxed modals flag_, it prevents content from using the following:

* window.alert()
* window.confirm()
* window.print()
* window.prompt()

Also the following, but IIUC, not relevant here:

* window.showModalDialog() - This is already disallowed by the _sandboxed auxiliary navigation browsing context flag_ we set, and also not anymore in the _sandboxed modals flag_ list in HTML LS, so probably a spec bug in 5.1.
* the beforeunload event - In _terminate a presentation in a receiving browsing context_ we _unload a document_, thus this event is never fired when a presentation is terminated (the beforeunload event is only fired when a user agent is to _prompt to unload a document_).

@mfoltzgoogle @schien How do your implementations handle alert(), confirm, print(), or prompt()? How about we specify the implemented behaviour if it is consistent among known implementations.

--
GitHub Notification of comment by anssiko
Please view or discuss this issue at https://github.com/w3c/presentation-api/issues/414#issuecomment-282716160 using your GitHub account

Received on Monday, 27 February 2017 13:12:38 UTC