- From: Adam Barth <w3c@adambarth.com>
- Date: Wed, 11 Apr 2012 23:39:32 -0700
On Wed, Apr 11, 2012 at 11:35 PM, Ian Hickson <ian at hixie.ch> wrote: > On Wed, 11 Apr 2012, Adam Barth wrote: >> >> We ran into a tricky case in implementing seamless today, and I'd like >> to make sure we did the right thing. ?Consider the following markup: >> >> <iframe seamless srcdoc="<script>window.location = >> 'http://example.com/';</script>"></iframe> >> >> According to the rules for navigating seamless iframes, when the child >> frame assigns to window.location, the browser will navigate the parent >> frame. ?Now, what happens if you add in sandbox: >> >> <iframe seamless sandbox="allow-scripts" >> srcdoc="<script>window.location = >> 'http://example.com/';</script>"></iframe> >> >> In this case, navigating the parent is blocked because the sandbox >> prevents the child from navigating it's parent. > > The blocking happens in step 2, which is before the seamless redirection > which is in step 3, so in this case it's not blocked. On #whatwg, Hixie pointed me to this table: http://www.whatwg.org/specs/web-apps/current-work/#browsing-context-names which looks quite helpful. Thanks! Adam
Received on Wednesday, 11 April 2012 23:39:32 UTC