- From: Boris Zbarsky <bzbarsky@mit.edu>
- Date: Fri, 22 Aug 2014 11:11:37 -0400
- To: Mike West <mkwst@google.com>
- CC: "public-webappsec@w3.org" <public-webappsec@w3.org>, Chris Palmer <palmer@google.com>, Ryan Sleevi <sleevi@google.com>, Anne van Kesteren <annevk@annevk.nl>
On 8/22/14, 10:21 AM, Mike West wrote: > Using location won't work, as you've noted. Walking up the chain in a > similar way to about:srcdoc would work. Would it? Your point about being able to navigate to about:blank is a good one. That said, I've been thinking about this a bit more and I think there isn't actually an issue here. If the about:blank is not sandboxed, its origin is usable. If it's sandboxed, then how would it ever end up with any nontrivial content? -Boris
Received on Friday, 22 August 2014 15:12:16 UTC