
[whatwg] Confirming understanding about window.location's interaction with sandboxed seamless iframes

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 11 Apr 2012 23:18:25 -0700
Message-ID: <CAJE5ia_QgCvXUd44bbOSqWj_8qhYFXgxtHHkbOZVHNnQj6DMLg@mail.gmail.com>

We ran into a tricky case in implementing seamless today, and I'd like
to make sure we did the right thing.  Consider the following markup:

<iframe seamless srcdoc="<script>window.location =

According to the rules for navigating seamless iframes, when the child
frame assigns to window.location, the browser will navigate the parent
frame.  Now, what happens if you add in sandbox:

<iframe seamless sandbox="allow-scripts"
srcdoc="<script>window.location =

In this case, navigating the parent is blocked because the sandbox
prevents the child from navigating its parent.  Therefore, the
navigation just fails.  There's a full test case up on GitHub if
that's helpful to you:


Please let us know if we've misunderstood the interactions between
these three features.

Received on Wednesday, 11 April 2012 23:18:25 UTC
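
The two cases in the message above, as an added JavaScript model (not code from the message, the linked test case, or any browser). The frame objects and function names are hypothetical, the model covers a single frame tree with no popups, and the seamless retargeting to the parent is taken from the message's own description.

```javascript
// Frame: { name, parent, seamless, sandbox }. `sandbox` is the attribute
// string, or null when the iframe carries no sandbox attribute.

// Sandbox restrictions are inherited: a token only counts if every sandboxed
// iframe on the path to the top grants it. Returns null when nothing on the
// path is sandboxed.
function effectiveSandbox(frame) {
  let allowed = null;
  for (let f = frame; f; f = f.parent) {
    if (f.sandbox === null) continue;
    const own = new Set(f.sandbox.toLowerCase().split(/\s+/).filter(Boolean));
    allowed = allowed === null ? own : new Set([...allowed].filter(t => own.has(t)));
  }
  return allowed;
}

function isAncestorOrSelf(candidate, frame) {
  for (let f = frame; f; f = f.parent) if (f === candidate) return true;
  return false;
}

// Sandbox part of the navigation permission check, within one frame tree.
function sandboxAllowsNavigation(source, target) {
  const tokens = effectiveSandbox(source);
  if (tokens === null) return true;                   // no sandbox in effect
  if (isAncestorOrSelf(source, target)) return true;  // itself or a descendant
  if (target.parent === null) return tokens.has("allow-top-navigation");
  return false;                                       // any other ancestor or sibling
}

// Script in `source` assigns to window.location: a seamless frame retargets
// the navigation to its parent (assumption from the message), then the
// sandbox check is applied to that target.
function assignLocation(source) {
  const target = source.seamless && source.parent ? source.parent : source;
  return { target: target.name, allowed: sandboxAllowsNavigation(source, target) };
}

// Constructed frame trees for the two cases in the message.
const page = { name: "page", parent: null, seamless: false, sandbox: null };
const seamlessChild = { name: "child", parent: page, seamless: true, sandbox: null };
const sandboxedChild = { name: "child", parent: page, seamless: true, sandbox: "allow-scripts" };

console.log(assignLocation(seamlessChild));  // parent is navigated
console.log(assignLocation(sandboxedChild)); // navigation fails
```

In this model a sandboxed frame that is not seamless can still navigate itself, which is why only the combination of the two attributes produces a navigation that simply fails.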
