RE: A 'navigation-to' CSP directive

Hi,

 
Is the idea to add it as a CSP directive or as a sandbox value?

 
I think the idea to implement the enforcement as a sandbox value may make more sense. Since the sandbox directive applies restrictions to the frame, a 'navigation-to' sandbox value would prevent loading resources other than the ones whitelisted. Absence of the 'navigation-to' sandbox value would not enforce a whitelist on the sandboxed iframe.

 
Rob

 
-----Original message-----
From: Andy Paicu
Sent: Friday, December 1 2017, 12:04 pm
To: public-webappsec@w3.org
Subject: A 'navigation-to' CSP directive

Hello all,
Following the discussions at TPAC I have put together a document proposal/explainer around a 'navigation-to' CSP directive.
This directive can help web authors control the top-level navigations allowed from their page and I have listed some scenarios where such a directive could be used.
If you are interested, please have a look and feel free to leave comments.
https://docs.google.com/a/chromium.org/document/d/1eMfw7sSIPtPPs9T3K2C8SfDi3Q7OXRTrRDdkGOLb19M/edit?usp=sharing

Regards,
Andy Paicu
 

Received on Friday, 1 December 2017 12:21:41 UTC