- From: Michal Zalewski <lcamtuf@coredump.cx>
- Date: Fri, 12 Feb 2010 23:48:51 -0800
> Can a frame in @sandbox ever navigation the top-level frame? ?If not, > that would make it hard to use @sandbox to contain advertisements, > which want to navigate |top| when the user clicks on the ad. Ads would want to be able to do that, but user-controlled gadgets shouldn't. I suppose the top-level page should be able to specify, and the entire @sandbox chain would need to be traversed to make the call (so that @sandbox included on example.com that is prohibited from messing with the top-level frame can't just create a nested frame without the restriction, and bypass the check). I assume that chain-style checking is already a part of the spec, as we obviously don't want other restrictions to be removed in a similar manner? /mz
Received on Friday, 12 February 2010 23:48:51 UTC