Re: [ServiceWorker] under what conditions should sandboxed iframes be intercepted? (#648) from Jake Archibald on 2015-05-12 (public-webapps-github@w3.org from May 2015)

From: Jake Archibald <notifications@github.com>
Date: Tue, 12 May 2015 03:07:22 -0700
To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Message-ID: <slightlyoff/ServiceWorker/issues/648/101221302@github.com>

Good catch. Sandboxed iframes without `allow-same-origin` shouldn't be intercepted.

I'm leaning towards no interception without `allow-scripts`, but I'd like to know more about the benefits of blocking script in an iframe, and if those benefits are lost by allowing a site's ServiceWorker to execute. @mikewest

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/648#issuecomment-101221302

Received on Tuesday, 12 May 2015 10:07:51 UTC