Re: text/sandboxed-html from sird@rckc.at on 2010-01-13 (public-html@w3.org from January 2010)

From: <sird@rckc.at>
Date: Wed, 13 Jan 2010 14:45:30 +0800
To: Toby Inkster <tai@g5n.co.uk>
Cc: "Roy T. Fielding" <fielding@gbiv.com>, Ian Hickson <ian@hixie.ch>, public-html@w3.org, public-web-security@w3.org
Message-ID: <8ba534861001122245o48151751vd1fdefd2c183827d@mail.gmail.com>

Hi!

Well, it doesn't eliminate the need of the mime, it just avoids the download
dialog from appearing.

Greetings!!
-- Eduardo
http://www.sirdarckcat.net/



On Wed, Jan 13, 2010 at 2:43 PM, Toby Inkster <tai@g5n.co.uk> wrote:

> On Wed, 2010-01-13 at 10:18 +0800, sird@rckc.at wrote:
> > why not putting the sandboxed URL inside the sandbox attribute?
> > anyway, it's just a suggestion, the new mime type is a great idea, now
> > sandbox makes sense!
> >
> > <iframe sandbox="http://thesite.com/thesandboxed.html"
> > sandboxsomething="no-scripts no-frames">
>
> Using a new attribute rather than src seems like a sensible idea to me.
> Legacy user agents won't load anything from:
>
>        <iframe sandbox="http://example.com/sandboxed.html"></iframe>
>
> And won't pop up annoying dialogue boxes. It seems to eliminate the need
> for an additional media type registration; and it makes things simpler
> for those HTML publishers who are not au fait with configuring their web
> servers.
>
> --
> Toby A Inkster
> <mailto:mail@tobyinkster.co.uk>
> <http://tobyinkster.co.uk>
>
>

Received on Wednesday, 13 January 2010 06:46:23 UTC