8528 2009-12-20 23:31:43 +0000 "scripts are still prevented from creating popups", therefore shouldn't an "allow-popup" token also be included? 2010-10-04 14:55:01 +0000 1 1 1 Unclassified HTML WG pre-LC1 HTML5 spec (editor: Ian Hickson) unspecified Other other RESOLVED WONTFIX http://www.whatwg.org/specs/web-apps/current-work/#the-iframe-element P3 normal LC 1 contributor ian ian mike public-html-admin public-html-wg-issue-tracking public-html-bugzilla oldest_to_newest 30218 0 contributor 2009-12-20 23:31:43 +0000 Section: http://www.whatwg.org/specs/web-apps/current-work/#the-iframe-element Comment: "scripts are still prevented from creating popups", therefore shouldn't an "allow-popup" token also be included? Posted from: 60.242.139.60 30627 1 ian 2010-01-06 10:46:55 +0000 EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are satisfied with this response, please change the state of this bug to CLOSED. If you have additional information and would like the editor to reconsider, please reopen this bug. If you would like to escalate the issue to the full HTML Working Group, please add the TrackerRequest keyword to this bug, and suggest title and text for the tracker issue; or you may create a tracker issue yourself, if you are able to do so. For more details, see this document: http://dev.w3.org/html5/decision-policy/decision-policy.html Status: Rejected Change Description: no spec change Rationale: If we allow popups, then it's trivial to break out of the sandbox. There wouldn't be much point having the sandbox at all in that case. The only way it could work is if the created popups also had all the sandboxing magic propagated to them, which we could do — but before doing that, we should see whether what we have so far is any good.