Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nested browsing context navigation to non-network schemes #77

Closed
shekyan opened this issue Apr 20, 2016 · 3 comments
Closed

Nested browsing context navigation to non-network schemes #77

shekyan opened this issue Apr 20, 2016 · 3 comments

Comments

@shekyan
Copy link
Contributor

shekyan commented Apr 20, 2016

I saw this topic , which ensured me, that change to the spec we did is in right direction.
However, the question prompted me to check if sandboxed origin browsing context has control over navigation to non-network schemes, and I was surprised to see that there is no control over that capability.

I think that limiting nested browsing context navigation to the defined set of schemes is in immediate CSP interest, or perhaps fetch? Can we do something in CSPland to have that capability?

@mikewest
Copy link
Member

I don't really understand what you're asking for. Could you be a little more concrete with your suggestion?

@shekyan
Copy link
Contributor Author

shekyan commented Apr 20, 2016

I ask if requiring parent context to opt-in to allow navigating iframes to non-network schemes is sane idea or not (if it both fits CSP roadmap and is technically possible to implement by browsers without rewriting everything).

@mikewest
Copy link
Member

mikewest commented May 9, 2017

Duping this into #125.

@mikewest mikewest closed this as completed May 9, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants