It's allowed because the parent frame is the same as the frame doing the navigation. They're from the same origin, and the parent frame could have done the same. See bug 408052 and http://crypto.stanford.edu/websec/frames/navigation/ -- Adam Barth and Collin Jackson really thought this through a few months ago :) Firefox 3 uses the "Descendant policy", and your use would be allowed by even the strictest policy that has been in wide use, the "Child policy" (assuming "origin propagation" is allowed).
Status: UNCONFIRMED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.