W3C home > Mailing lists > Public > public-html@w3.org > May 2008

Re: The <iframe> element and sandboxing ideas

From: Andrew Fedoniouk <news@terrainformatica.com>
Date: Wed, 21 May 2008 16:45:32 -0700
Message-ID: <4834B41C.1010807@terrainformatica.com>
To: Ian Hickson <ian@hixie.ch>
CC: whatwg <whatwg@whatwg.org>, HTMLWG <public-html@w3.org>, public-webapi@w3.org

Ian Hickson wrote:
> 
> Summary:
> 
>  * I've added a sandbox="" attribute to <iframe>, which by default
>    disables a number of features and takes a space-separated list of
>    features to re-enable:
> 
...

Makes sense, Ian.

Additionally to this, what about adding <meta> tag that disables or 
limits features of the page if it is running inside <frame> or <iframe>?

Say something like this:

<html>
   <head>
     <meta name="allowed-context" value="standalone-only" />
   </head>
   ...
</html>

That may prevent some types of malicious uses.

-- 
Andrew Fedoniouk.

http://terrainformatica.com
Received on Wednesday, 21 May 2008 23:44:22 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:17 GMT