Re: [whatwg] Proposal: Two changes to iframe@sandbox

On Mon, Jul 6, 2015 at 2:47 AM, Mike West <mkwst@google.com> wrote:

> I've dropped the opener/openee-disowning behavior from my proposal,
> and renamed the sandboxing keyword to `allow-popups-to-escape-sandbox` in
>
> https://wiki.whatwg.org/index.php?title=Iframe_sandbox_improvments&diff=9958&oldid=9955


​It appears that this new keyword as described would still require the use
of allow-popups in addition to allow-popups-to-escape-sandbox. Since it
doesn't make any sense on its own can you change it so that either keyword
allows popups to happen? That it, propose changing

    [Set] The sandboxed auxiliary navigation browsing context flag
<https://developers.whatwg.org/origin-0.html#sandboxed-auxiliary-navigation-browsing-context-flag>,
unless tokens
    contains the allow-popups keyword.

to

   [Set] The sandboxed auxiliary navigation browsing context flag
<https://developers.whatwg.org/origin-0.html#sandboxed-auxiliary-navigation-browsing-context-flag>,
unless tokens
   contains the allow-popups or *allow-popups-to-escape-sandbox* keyword.

​(might then require changing -to-escape- to -that-escape-)​

​You question to bz was "can you live with it", and I can live with it. I
wish it could be shorter, but my attempts (allow-popups-unsandboxed or
allow-unsandboxed-popups) weren't much shorter. Keeping "allow popups" in
there is good, especially if it can be used in place of regular
allow-popups. using the word "sandbox" is better than anything about
"auxiliary contexts".​

-
​Dan Veditz

Received on Thursday, 9 July 2015 15:28:30 UTC