On Fri, Aug 22, 2014 at 5:11 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
> On 8/22/14, 10:21 AM, Mike West wrote:
>
>> Using location won't work, as you've noted. Walking up the chain in a
>> similar way to about:srcdoc would work.
>>
>
> Would it? Your point about being able to navigate to about:blank is a
> good one.
>
> That said, I've been thinking about this a bit more and I think there
> isn't actually an issue here. If the about:blank is not sandboxed, its
> origin is usable. If it's sandboxed, then how would it ever end up with
> any nontrivial content?

That is a very good point. :)

I've addressed the srcdoc bit with
https://github.com/w3c/webappsec/commit/65936518b3dc2fb77e9437e01826c58e2a50da5f
.

Thoughts about 'data:'? I don't really think doing taint-checking on
'data:' URL navigations is worth it (or easily implementable).

-mike