> Perhaps we want an "allow-frame-busting" directive? In the
> implementation we have an "allow-navigation" bit that covers
> navigation |top| as well as window.open, etc. Maybe we want a more
> general directive that twiddles this bit?

I'm wondering if sites want to have control over the type of navigation: navigating the top-level context versus opening a new window? In particular, I am thinking about ads in embeddable gadgets (on social sites, or in places such as Docs, Wave, etc.): you do not want the gadget to interfere with the presentation of the page by triggering disruptive and unsolicited top frame transitions (as this could be used for a crude DoS - in fact, IIRC, there is some history along these lines), but you may be OK with a pop-up ad following a click.

/mz