- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 12 Jan 2010 02:41:31 +0000 (UTC)
On Thu, 5 Nov 2009, Adam Barth wrote:
>
> == allow-same-origin + allow-script ==
>
> It's clear that adding both allow-same-origin and allow-script to
> @sandbox at the same time makes the sandbox useless because the sandboxed
> content can simply reach outside the frame and remove the sandbox
> attribute. Should we disallow setting these values at the same time?
> If an author does set both, maybe we should only pay attention to one?

Done. allow-same-origin now overrides allow-scripts.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 11 January 2010 18:41:31 UTC
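
An audit check for the token combination discussed in this message, as an added example that is not part of the original email or of the HTML specification: it scans markup for iframe elements whose sandbox attribute carries both allow-scripts and allow-same-origin. The sample markup, URLs, function names and status labels are constructed for illustration.

```javascript
// Constructed sample markup; every URL here is a placeholder.
const SAMPLE_HTML = `
<iframe src="https://widgets.example/a" sandbox></iframe>
<iframe src="/comments" sandbox="allow-scripts allow-forms"></iframe>
<iframe src="/profile" sandbox="Allow-Scripts  ALLOW-SAME-ORIGIN"></iframe>
<iframe src="/legacy" sandbox='allow-same-origin'></iframe>
<iframe src="/unsandboxed"></iframe>
`;

// Read attributes one at a time so that a name appearing inside another
// attribute's quoted value (e.g. src="/sandbox") is never mistaken for an attribute.
function parseAttrs(attrText) {
  const attrs = new Map();
  const re = /([^\s=\/"'>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(attrText)) !== null) {
    const name = m[1].toLowerCase();
    if (!attrs.has(name)) attrs.set(name, m[2] ?? m[3] ?? m[4] ?? "");
  }
  return attrs;
}

// The sandbox value is a set of space-separated tokens, matched case-insensitively.
// null means the attribute is absent; "" means a bare `sandbox` (all restrictions on).
function classify(sandboxValue) {
  if (sandboxValue === null) return "unsandboxed";
  const tokens = new Set(sandboxValue.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
  // Script running in the embedder's origin can reach the parent document and
  // remove the attribute, which is the problem raised in the message above.
  if (tokens.has("allow-scripts") && tokens.has("allow-same-origin")) return "ineffective";
  return "restricted";
}

// Audit pass over raw markup. This is a lint-grade scan, not a full HTML parser:
// a ">" inside an attribute value would end the tag match early.
function auditIframes(html) {
  const findings = [];
  const tagRe = /<iframe\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttrs(m[1]);
    const sandbox = attrs.has("sandbox") ? attrs.get("sandbox") : null;
    findings.push({ src: attrs.get("src") ?? null, sandbox, status: classify(sandbox) });
  }
  return findings;
}

for (const f of auditIframes(SAMPLE_HTML)) console.log(f.status.padEnd(12), f.src);
```
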