- From: Adam Barth <w3c@adambarth.com>
- Date: Wed, 11 Apr 2012 23:18:25 -0700
We ran into a tricky case in implementing seamless today, and I'd like to make sure we did the right thing. Consider the following markup: <iframe seamless srcdoc="<script>window.location = 'http://example.com/';</script>"></iframe> According to the rules for navigating seamless iframes, when the child frame assigns to window.location, the browser will navigate the parent frame. Now, what happens if you add in sandbox: <iframe seamless sandbox="allow-scripts" srcdoc="<script>window.location = 'http://example.com/';</script>"></iframe> In this case, navigating the parent is blocked because the sandbox prevents the child from navigating it's parent. Therefore, the navigation just fails. There's a full test case up on GitHub if that's helpful to you: https://github.com/eseidel/webkit/blob/seamless/LayoutTests/fast/frames/seamless/seamless-window-location-sandbox.html Please let us know if we've misunderstood the interactions between these three features. Thanks! Adam
Received on Wednesday, 11 April 2012 23:18:25 UTC