- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 5 Apr 2012 18:07:05 +0000 (UTC)
On Wed, 4 Apr 2012, Michal Zalewski wrote: > > In fact, in the vein of opt-in disclosure perhaps something like > discloselocation={none|origin|full} would be more convenient - in which > case, you get something like > window.parentLocations[n].{origin|href|hash|...} > > I constantly fear that origin scoping for security mechanisms is too > coarse-grained in many use cases, because the complexity of what lives > in any single origin is growing pretty rapidly. Sites put > attacker-controlled content inside framed gadgets or advertisements, and > can't be reasonably expected to understand that if such a frame is > navigated to in a particular way, it may circumvent an origin-scoped > check. Tab suggests (on IRC) that this should just be tied to sandbox="", which seems reasonable at first blush. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 5 April 2012 11:07:05 UTC