Re: CSP Directive Proposal: Sandbox from gaz Heyes on 2011-02-21 (public-web-security@w3.org from February 2011)

From: gaz Heyes <gazheyes@gmail.com>
Date: Mon, 21 Feb 2011 18:41:11 +0000
To: Adam Barth <w3c@adambarth.com>
Cc: public-web-security@w3.org
Message-ID: <AANLkTin-mzmtH3AdSSgUM0BLKVY-0_v_0UGpq0KMxR6f@mail.gmail.com>

On 21 February 2011 18:18, Adam Barth <w3c@adambarth.com> wrote:

> I'm not sure I understand.  Are you assuming that the document is
> loaded in the top-most frame?
>

Maybe we're talking about different things but if allow-top-navigation
exists in the CSP policy then I assume by default it isn't allowed.
Therefore any clicks/redirections to a different domain with a new CSP
policy that allows top redirects would break the policy of the original CSP
server.

Received on Monday, 21 February 2011 18:41:44 UTC