CSP: 'no-external-navigation'?

Pamela Fox submitted this bug to Mozilla, but it's probably better
discussed here: https://bugzilla.mozilla.org/show_bug.cgi?id=1032310

We've talked briefly about similar concepts in the past in the context of
the next iteration of CSP; at first glance it seems like something that
might be useful in narrow use-cases, but that I'm worried will be abused to
keep folks on pages they don't particularly want to be on (see  what
happened with `window.onbeforeunload` modals).


Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

Received on Monday, 30 June 2014 18:34:29 UTC