[giow] (1) Ensure that sandbox='allow-same-origin allow-top-navigatio…

…n' doesn't allow sandboxed pages to run scripts 'by proxy' (through the top-level browsing context) Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=11429 git-svn-id: http://svn.whatwg.org/webapps@5756 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Jan 10, 2011 · 7c1653f · 7c1653f
1 parent 7f3ccb7
commit 7c1653f
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 0 deletions.
diff --git a/complete.html b/complete.html
@@ -64182,6 +64182,16 @@ <h4 id=javascript-protocol><span class=secno>7.1.5 </span><dfn title="javascript
     <p>Use the appropriate step from the following list:</p>
 
     <dl><dt>If a <a href=#browsing-context>browsing context</a> is being <a href=#navigate title=navigate>navigated</a> to a <code>javascript:</code>
+     URL, and the <a href=#source-browsing-context>source browsing context</a> for that
+     navigation, if any, has <a href=#concept-bc-noscript title=concept-bc-noscript>scripting disabled</a></dt>
+
+     <dd>
+
+      <p>Let <var title="">result</var> be void.</p>
+
+     </dd>
+
+     <dt>If a <a href=#browsing-context>browsing context</a> is being <a href=#navigate title=navigate>navigated</a> to a <code>javascript:</code>
      URL, and the <a href=#active-document>active document</a> of that browsing
      context has the <a href=#same-origin>same origin</a> as the script given by
      that URL</dt>

diff --git a/index b/index
@@ -64184,6 +64184,16 @@ NETWORK:
     <p>Use the appropriate step from the following list:</p>
 
     <dl><dt>If a <a href=#browsing-context>browsing context</a> is being <a href=#navigate title=navigate>navigated</a> to a <code>javascript:</code>
+     URL, and the <a href=#source-browsing-context>source browsing context</a> for that
+     navigation, if any, has <a href=#concept-bc-noscript title=concept-bc-noscript>scripting disabled</a></dt>
+
+     <dd>
+
+      <p>Let <var title="">result</var> be void.</p>
+
+     </dd>
+
+     <dt>If a <a href=#browsing-context>browsing context</a> is being <a href=#navigate title=navigate>navigated</a> to a <code>javascript:</code>
      URL, and the <a href=#active-document>active document</a> of that browsing
      context has the <a href=#same-origin>same origin</a> as the script given by
      that URL</dt>

diff --git a/source b/source
@@ -73064,6 +73064,18 @@ NETWORK:
 
     <dl>
 
+     <dt>If a <span>browsing context</span> is being <span
+     title="navigate">navigated</span> to a <code>javascript:</code>
+     URL, and the <span>source browsing context</span> for that
+     navigation, if any, has <span
+     title="concept-bc-noscript">scripting disabled</span></dt>
+
+     <dd>
+
+      <p>Let <var title="">result</var> be void.</p>
+
+     </dd>
+
      <dt>If a <span>browsing context</span> is being <span
      title="navigate">navigated</span> to a <code>javascript:</code>
      URL, and the <span>active document</span> of that browsing