W3C home > Mailing lists > Public > whatwg@whatwg.org > July 2015

Re: [whatwg] Proposal: Two changes to iframe@sandbox

From: Daniel Veditz <dveditz@mozilla.com>
Date: Thu, 9 Jul 2015 08:28:03 -0700
Message-ID: <CADYDTCABFXHbqDNsD3g_p2Mdt60sKk2zBn0Bk-zUKSFjCKkWjQ@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: David Bruant <bruant.d@gmail.com>, Chris Coyier <chriscoyier@gmail.com>, WHAT Working Group Mailing List <whatwg@whatwg.org>, Boris Zbarsky <bzbarsky@mit.edu>, Alex Russell <slightlyoff@google.com>, Ian Hickson <ian@hixie.ch>
On Mon, Jul 6, 2015 at 2:47 AM, Mike West <mkwst@google.com> wrote:

> I've dropped the opener/openee-disowning behavior from my proposal,
> and renamed the sandboxing keyword to `allow-popups-to-escape-sandbox` in
>
> https://wiki.whatwg.org/index.php?title=Iframe_sandbox_improvments&diff=9958&oldid=9955


​It appears that this new keyword as described would still require the use
of allow-popups in addition to allow-popups-to-escape-sandbox. Since it
doesn't make any sense on its own can you change it so that either keyword
allows popups to happen? That it, propose changing

    [Set] The sandboxed auxiliary navigation browsing context flag
<https://developers.whatwg.org/origin-0.html#sandboxed-auxiliary-navigation-browsing-context-flag>,
unless tokens
    contains the allow-popups keyword.

to

   [Set] The sandboxed auxiliary navigation browsing context flag
<https://developers.whatwg.org/origin-0.html#sandboxed-auxiliary-navigation-browsing-context-flag>,
unless tokens
   contains the allow-popups or *allow-popups-to-escape-sandbox* keyword.

​(might then require changing -to-escape- to -that-escape-)​

​You question to bz was "can you live with it", and I can live with it. I
wish it could be shorter, but my attempts (allow-popups-unsandboxed or
allow-unsandboxed-popups) weren't much shorter. Keeping "allow popups" in
there is good, especially if it can be used in place of regular
allow-popups. using the word "sandbox" is better than anything about
"auxiliary contexts".​

-
​Dan Veditz
Received on Thursday, 9 July 2015 15:28:30 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 9 July 2015 15:28:31 UTC