- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 22 Aug 2013 05:50:29 +0000 (UTC)
- To: Elliott Sprehn <esprehn@chromium.org>
- Cc: Matt Falkenhagen <falken@chromium.org>, WHATWG <whatwg@lists.whatwg.org>, "Tab Atkins Jr." <jackalmage@gmail.com>
On Wed, 21 Aug 2013, Elliott Sprehn wrote: > On Wed, Aug 21, 2013 at 3:58 PM, Ian Hickson <ian@hixie.ch> wrote: > > > > > > Hm, I was given to understand that it *was* intended that dialogs be > > > able to escape iframes through some mechanism. > > > > That isn't specced currently. I'm not 100% I understand how it would > > work (I guess it would need a lot of infrastructure from CSS?), but > > I'm happy to do it if there's demand and if the CSS side is figured > > out. > > Matt and I discussed this and I don't think we need it anymore. I've > also discussed it with security folks and they're not super comfortable > allowing a nested iframe to show arbitrary content over the main frame. > Specifically this gives non-sandboxes iframes superpowers they didn't > have before (so we'd need a special new attribute) and we'd need to show > info bars to notify the user of the origin of the dialog... even then > it's scary because the content seen under the ::backdrop is from a > different origin than the dialog itself. Yeah if we did this at all it would have to be limited to same-origin iframes, at which point it's not clear how useful it is anyway. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 22 August 2013 05:50:56 UTC