> Can a frame in @sandbox ever navigation the top-level frame? If not, > that would make it hard to use @sandbox to contain advertisements, > which want to navigate |top| when the user clicks on the ad.
Ads would want to be able to do that, but user-controlled gadgets shouldn't. I suppose the top-level page should be able to specify, and the entire @sandbox chain would need to be traversed to make the call (so that @sandbox included on example.com that is prohibited from messing with the top-level frame can't just create a nested frame without the restriction, and bypass the check). I assume that chain-style checking is already a part of the spec, as we obviously don't want other restrictions to be removed in a similar manner? /mz