Re: text/sandboxed-html

2010/1/13 sird@rckc.at <sird@rckc.at>

> this is a great idea! but I think that legacy browsers will prompt a
> <download file> dialog if they dont support it.
>
> why not putting the sandboxed URL inside the sandbox attribute? anyway,
> it's just a suggestion, the new mime type is a great idea, now sandbox makes
> sense!
>
> <iframe sandbox="http://thesite.com/thesandboxed.html"
> sandboxsomething="no-scripts no-frames">
>

I agree with Eduardo here and I agree with the mime-type it's a good idea.
It eliminates two problems:-

1) Legacy browsers won't run the code if they don't support it
2) Web sites can choose to be sandboxed, this is useful because the
attribute could be used as an attack vector to conduct certain attacks.

Received on Wednesday, 13 January 2010 15:18:44 UTC