Re: Defining secure-enough origins.

On 8/22/14, 10:21 AM, Mike West wrote:
> Using location won't work, as you've noted. Walking up the chain in a
> similar way to about:srcdoc would work.

Would it?  Your point about being able to navigate to about:blank is a 
good one.

That said, I've been thinking about this a bit more and I think there 
isn't actually an issue here.  If the about:blank is not sandboxed, its 
origin is usable.  If it's sandboxed, then how would it ever end up with 
any nontrivial content?


Received on Friday, 22 August 2014 15:12:16 UTC