[whatwg] iframe sandbox and allow-scripts

2013-04-12 Thread Ian Melven
Hi, Freddy Braun recently noticed that he could do the following in Firefox: <iframe id='foo' sandbox='allow-same-origin' src='inner.html'> (note no allow-scripts) and then in the document containing the iframe: var iframe = document.getElementById('foo');

[whatwg] iframe sandbox and top navigation

2012-11-28 Thread Ian Melven
Hi, while working on https://bugzilla.mozilla.org/show_bug.cgi?id=785310 (block setting window.top.location from a document sandboxed without 'allow-top-navigation') and discussing the correct behavior with Bobby Holley, I found some interesting differences between what Chrome and IE have

[whatwg] iframe sandbox and indexedDB

2012-08-06 Thread Ian Melven
Hi, the spec at http://www.whatwg.org/specs/web-apps/current-work/multipage/origin-0.html#sandboxed-origin-browsing-context-flag says: This flag also prevents script from reading from or writing to the document.cookie IDL attribute, and blocks access to localStorage. it seems that indexedDB

Re: [whatwg] iframe sandbox and indexedDB

2012-08-06 Thread Ian Melven
Hi, - Original Message - From: Adam Barth w...@adambarth.com To: Ian Melven imel...@mozilla.com Cc: whatwg@lists.whatwg.org Sent: Monday, August 6, 2012 5:12:40 PM Subject: Re: [whatwg] iframe sandbox and indexedDB Yes. I think this is actually a consequence of having a unique origin

Re: [whatwg] sandboxed documents and cookies

2012-06-16 Thread Ian Melven
ah ok, yes, it seems that we misunderstood - thanks for the clarification! ian - Original Message - From: Anne van Kesteren ann...@annevk.nl To: Ian Melven imel...@mozilla.com Cc: whatwg@lists.whatwg.org, david-sa...@jacaranda.org Sent: Saturday, June 16, 2012 7:14:09 AM Subject: Re

[whatwg] sandboxed documents and cookies

2012-06-15 Thread Ian Melven
Hi, in https://bugzilla.mozilla.org/show_bug.cgi?id=341604#c180, David-Sarah Hopwood makes a few points about cookies in sandboxed documents: Ugh, that's mandating an information leak about whether the document has cookies. Maybe a minor leak, but I don't understand why it should exist: if

[whatwg] iframe sandbox attribute

2012-03-26 Thread Ian Melven
Hi, While working on implementing HTML5's iframe sandbox, I realized that in script, one can't tell the difference between these two cases: <iframe> and <iframe sandbox = ''>. In both cases, iframe.sandbox will be '' (the empty string). This is true in WebKit and IE10's implementations, as far

Re: [whatwg] allow-popups in iframe sandbox

2012-01-30 Thread Ian Melven
Just to make sure I understand the proposal correctly: if allow-popups is specified and a new browsing context is being created, this inherits the sandbox flags of the document creating the new popup/browsing context ? This does seem to complicate the algorithm to determine if a navigation is

Re: [whatwg] iframe sandbox, object tag

2011-11-08 Thread Ian Melven
- Original Message - From: Adam Barth w...@adambarth.com To: Jonas Sicking jo...@sicking.cc Cc: Ian Melven imel...@mozilla.com, whatwg@lists.whatwg.org Sent: Monday, November 7, 2011 10:50:22 PM Subject: Re: [whatwg] iframe sandbox, object tag On Mon, Nov 7, 2011 at 7:13 PM, Jonas

[whatwg] iframe sandbox, object tag

2011-11-07 Thread Ian Melven
Hi, while implementing the IFRAME sandbox attribute, a couple of questions have come up: - although the HTML5 spec deprecates the frame tag, there's been a couple of people asking if frame will support @sandbox - thoughts and opinions here welcome, although this may be 'off topic' if the