[whatwg] @sandbox and navigation top

On Fri, Feb 12, 2010 at 11:48 PM, Michal Zalewski <lcamtuf at coredump.cx> wrote:
>> Can a frame in @sandbox ever navigation the top-level frame? ?If not,
>> that would make it hard to use @sandbox to contain advertisements,
>> which want to navigate |top| when the user clicks on the ad.
>
> Ads would want to be able to do that, but user-controlled gadgets
> shouldn't. I suppose the top-level page should be able to specify, and
> the entire @sandbox chain would need to be traversed to make the call
> (so that @sandbox included on example.com that is prohibited from
> messing with the top-level frame can't just create a nested frame
> without the restriction, and bypass the check).
>
> I assume that chain-style checking is already a part of the spec, as
> we obviously don't want other restrictions to be removed in a similar
> manner?

Yes, the sandbox restrictions collect in subframes.

Perhaps we want an "allow-frame-busting" directive?  In the
implementation we have an "allow-navigation" bit that covers
navigation |top| as well as window.open, etc.  Maybe we want a more
general directive that twiddles this bit?

Adam

Received on Friday, 12 February 2010 23:54:20 UTC