> We've talked briefly about similar concepts in the past in the context of > the next iteration of CSP; at first glance it seems like something that > might be useful in narrow use-cases, but that I'm worried will be abused to > keep folks on pages they don't particularly want to be on (see what > happened with `window.onbeforeunload` modals). If I read this correctly, the request is to prevent programmatic navigation within the CSP-sandboxed frame, not prevent the user from relying on bookmarks, manually entered URLs, etc. That said, I'm not sure this is a very meaningful goal if you're otherwise permitting largely unconstrained JS to run on the page (and you're using CSP to "sandbox" it) - what would be the goal? Can't the JS achieve roughly the same without navigating its own frame away? /mzReceived on Monday, 30 June 2014 18:46:45 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:39 UTC