- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 5 Apr 2012 18:07:05 +0000 (UTC)
On Wed, 4 Apr 2012, Michal Zalewski wrote:
>
> In fact, in the vein of opt-in disclosure perhaps something like
> discloselocation={none|origin|full} would be more convenient - in which
> case, you get something like
> window.parentLocations[n].{origin|href|hash|...}
>
> I constantly fear that origin scoping for security mechanisms is too
> coarse-grained in many use cases, because the complexity of what lives
> in any single origin is growing pretty rapidly. Sites put
> attacker-controlled content inside framed gadgets or advertisements, and
> can't be reasonably expected to understand that if such a frame is
> navigated to in a particular way, it may circumvent an origin-scoped
> check.
Tab suggests (on IRC) that this should just be tied to sandbox="", which
seems reasonable at first blush.
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 5 April 2012 11:07:05 UTC