- From: Adam Barth <w3c@adambarth.com>
- Date: Thu, 7 Apr 2011 16:47:52 -0700
- To: public-web-security@w3.org
Suppose I have the following CSP policy: frame-src http://example.com Now, I have the following HTML in my page: <iframe src="http://example.com/foo.html"></iframe> Where foo.html is the following: <a href="http://mozilla.org/">Mozilla</a> What happens when the user clicks that hyperlink? In particular, does the frame-src directive stop the frame from being navigated altogether, or does it only affect loads caused by the page with the policy? Adam
Received on Thursday, 7 April 2011 23:48:55 UTC