[Bug 13230] Use application/sandbox with a type parameter instead of text/html-sandboxed from bugzilla@jessica.w3.org on 2011-07-13 (public-html-bugzilla@w3.org from July 2011)

From: <bugzilla@jessica.w3.org>
Date: Wed, 13 Jul 2011 19:18:21 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1Qh4wv-0003Lg-Qt@jessica.w3.org>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=13230

--- Comment #4 from Eli Grey (:sephr) <bugmail@eligrey.com> 2011-07-13 19:18:21 UTC ---
How would you sandbox an image/svg+xml game that a user uploads then? I may be
over engineering here but the fact is that text/html-sandboxed is terribly
unsuited for this.

To simplify the solution, it might just be best to go with a Sandbox: [options]
HTTP header. For example,

Content-Type: image/svg+xml
Sandbox: allow-scripts

...

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Wednesday, 13 July 2011 19:18:24 UTC