W3C home > Mailing lists > Public > public-html@w3.org > January 2010

Re: text/sandboxed-html

From: Toby Inkster <tai@g5n.co.uk>
Date: Wed, 13 Jan 2010 06:43:56 +0000
To: "sird@rckc.at" <sird@rckc.at>
Cc: "Roy T. Fielding" <fielding@gbiv.com>, Ian Hickson <ian@hixie.ch>, public-html@w3.org, public-web-security@w3.org
Message-ID: <1263365037.9072.6.camel@ophelia2.g5n.co.uk>
On Wed, 2010-01-13 at 10:18 +0800, sird@rckc.at wrote:
> why not putting the sandboxed URL inside the sandbox attribute?
> anyway, it's just a suggestion, the new mime type is a great idea, now
> sandbox makes sense!
> 
> <iframe sandbox="http://thesite.com/thesandboxed.html"
> sandboxsomething="no-scripts no-frames">

Using a new attribute rather than src seems like a sensible idea to me.
Legacy user agents won't load anything from:

	<iframe sandbox="http://example.com/sandboxed.html"></iframe>

And won't pop up annoying dialogue boxes. It seems to eliminate the need
for an additional media type registration; and it makes things simpler
for those HTML publishers who are not au fait with configuring their web
servers.

-- 
Toby A Inkster
<mailto:mail@tobyinkster.co.uk>
<http://tobyinkster.co.uk>
Received on Wednesday, 13 January 2010 06:44:46 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:57 GMT