Ian Hickson wrote: > > Summary: > > * I've added a sandbox="" attribute to <iframe>, which by default > disables a number of features and takes a space-separated list of > features to re-enable: > ... Makes sense, Ian. Additionally to this, what about adding <meta> tag that disables or limits features of the page if it is running inside <frame> or <iframe>? Say something like this: <html> <head> <meta name="allowed-context" value="standalone-only" /> </head> ... </html> That may prevent some types of malicious uses. -- Andrew Fedoniouk. http://terrainformatica.comReceived on Wednesday, 21 May 2008 23:44:22 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:40:14 GMT