W3C home > Mailing lists > Public > whatwg@whatwg.org > February 2010

[whatwg] @sandbox and navigation top

From: Michal Zalewski <lcamtuf@coredump.cx>
Date: Sat, 13 Feb 2010 00:08:13 -0800
Message-ID: <448e9a321002130008o31b219dak5dbe75713107ebac@mail.gmail.com>
> Perhaps we want an "allow-frame-busting" directive? ?In the
> implementation we have an "allow-navigation" bit that covers
> navigation |top| as well as window.open, etc. ?Maybe we want a more
> general directive that twiddles this bit?

I'm wondering if sites want to have control over the type of
navigation: navigating the top-level context versus opening a new
window? In particular, I am thinking about ads in embeddable gadgets
(on social sites, or in places such as Docs, Wave, etc): you do not
want the gadget to interfere with the presentation of the page by
triggering disruptive and unsolicited top frame transitions (as this
could be used for a crude DoS - in fact, IIRC, there is some history
along these lines), but you may bey OK with a pop-up ad following a
click.

/mz
Received on Saturday, 13 February 2010 00:08:13 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:21 UTC