frame-src and navigation

Suppose I have the following CSP policy:

frame-src http://example.com

Now, I have the following HTML in my page:

<iframe src="http://example.com/foo.html"></iframe>

Where foo.html is the following:

<a href="http://mozilla.org/">Mozilla</a>

What happens when the user clicks that hyperlink?  In particular, does
the frame-src directive stop the frame from being navigated
altogether, or does it only affect loads caused by the page with the
policy?

Adam

Received on Thursday, 7 April 2011 23:48:55 UTC