- From: Adam Barth <w3c@adambarth.com>
- Date: Mon, 6 Sep 2010 09:42:50 -0700
What do you mean by access to the iframe's browsing context? Is that access you would have if the iframe were not sandboxed?

Adam

On Mon, Sep 6, 2010 at 7:31 AM, Nick Vidal <nick at iss.im> wrote:
> In addition to allow-top-navigation for the iframe's sandbox
> attribute, I propose the opposite: allow-bottom-navigation. This would
> allow a parent document to have access to the iframe's
> browsing-context (even when the user has navigated to a different
> domain).
>
> I'm building a Webtop (a Desktop Environment on top of the Web) that
> allows users to navigate websites securely through iframes [note 1].
> An iframe is necessary to protect the Webtop from being compromised by
> an untrusted website. However, this also restricts the Webtop from
> accessing the browsing-context of the iframe.
>
> The allow-bottom-navigation would permit the Webtop:
>
> a) to provide independent navigation controls for each iframe [note 2];
> b) to bookmark a website;
> c) to save a session (i.e. to save all opened task windows, including
> those that have an iframe).
>
> I don't see any security risks, since the parent document would have
> access only to the browsing context of the iframe. No other access
> would be granted.
>
> Best regards,
> Nick
>
> Notes:
> 1) More information here: http://itop.iss.im/
> 2) As previously discussed here:
> http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2010-August/027884.html
Received on Monday, 6 September 2010 09:42:50 UTC