W3C home > Mailing lists > Public > public-html@w3.org > January 2010

Re: <iframe doc="">

From: Tab Atkins Jr. <jackalmage@gmail.com>
Date: Mon, 25 Jan 2010 09:03:14 -0600
Message-ID: <dd0fbad1001250703t3a07f10fwbd98e7171d15bdb1@mail.gmail.com>
To: Shelley Powers <shelley.just@gmail.com>
Cc: Maciej Stachowiak <mjs@apple.com>, Lars Gunther <gunther@keryx.se>, "public-html@w3.org WG" <public-html@w3.org>
On Mon, Jan 25, 2010 at 8:34 AM, Shelley Powers <shelley.just@gmail.com> wrote:
> I'm glad you noted that this approach won't really be worthwhile, or stand
> alone, for years because of existing browsers.

That is most certainly not what Maciej said.

> But let's go further on this. Since I found out that the primary use case
> for this change, and in fact, this whole sandbox issue, is comments, let's
> talk about comments.

To shorten the following, I'll distill it into bullet points.

• sql injection
No, it won't protect against sql injection, as that's a server-side
issue.  That has never had anything to do with the client-side, and
until/unless we get a client-side sql database api, it will continue
to not be a client-side issue.

• spammers
No, of course not.

• blocking images
Possibly.  At the moment <img>s are allowed in sandboxed content.  Is
this something we need to address?

• blocking SVG
Possibly.  Is this something we need to address?

• posts, rather than comments, needing control/protection
If you are letting untrusted users post content on the site, and
you're already using @sandbox'd iframes for comments, then yes, it's
probably a good idea to do so for posts as well.

• invalid unicode characters in XHTML
I think many of the browser vendors would enjoy fixing this error in
XHTML, but many in the XHTML community seem quite strongly opposed to
it.  It's nothing to do with @sandbox, though - if you fix it in one
place, it should be fixed everywhere.

• browser vendors being less experienced than sanitizing-tools authors
Perhaps.  But browsers also have very particular powers that
sanitizers can not ever have, such as the ability to know precisely
when something would run script, or attempt to change something
outside of its origin.  They also have things like the parser they use
to parse the page, which, as I stated before, means that they can
potentially 'clean' HTML with no chance of anything slipping through
due to a mismatch in parsing algorithms.  There are a number of things
that we'd like to have control over that are literally impossible to
control through sanitizing, but @sandbox helps us with that.

I'll note, though, that your objections seem now to be completely
about @sandbox instead of @srcdoc?  Is this correct?  As I said
before, @srcdoc is merely a convenience attribute for making @sandbox
easier to use.  You seem to be objecting to the concept of @sandbox
itself.

~TJ
Received on Monday, 25 January 2010 15:10:26 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:39:13 UTC