- From: dveditz <dveditz@mozilla.com>
- Date: Fri, 4 Nov 2011 11:29:27 -0700 (PDT)
- To: w3c@adambarth.com
- Cc: public-web-security@w3.org, jrossi@microsoft.com
Received on Friday, 4 November 2011 18:32:31 UTC
Adam Barth <w3c@adambarth.com> wrote:> attacker cannot execute script in the sandboxed document itself, > but he/she can trigger a navigation to another (non-sandboxed) > document, which can execute script. I'm fine with that--if the site is worried about the effect on a containing doc they should use the frame attribute. If they're using CSP then they at worried about that specific page being abused. -Dan
Received on Friday, 4 November 2011 18:32:31 UTC