[Bug 13267] New: sandboxing implication for plugins should be rephrased

http://www.w3.org/Bugs/Public/show_bug.cgi?id=13267

           Summary: sandboxing implication for plugins should be rephrased
           Product: HTML WG
           Version: unspecified
          Platform: All
               URL: http://www.w3.org/TR/2011/WD-html5-20110525/Overview.h
                    tml#attr-iframe-sandbox
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: HTML5 spec (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: julian.reschke@gmx.de
         QAContact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-wg-issue-tracking@w3.org,
                    public-html@w3.org


"The sandbox attribute, when specified, enables a set of extra restrictions on
any content hosted by the iframe. Its value must be an unordered set of unique
space-separated tokens that are ASCII case-insensitive. The allowed values are
allow-same-origin, allow-top-navigation, allow-forms, and allow-scripts. When
the attribute is set, the content is treated as being from a unique origin,
forms and scripts are disabled, links are prevented from targeting other
browsing contexts, and plugins are disabled."

This doesn't cover the case where a UI might be able to negotiate these
restrictions with a plugin.

See context around
<http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2011-July/032429.html>.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Received on Friday, 15 July 2011 08:14:25 UTC