W3C home > Mailing lists > Public > public-web-security@w3.org > December 2009

Re: Seamless iframes + CSS3 selectors = bad idea

From: <sird@rckc.at>
Date: Sun, 6 Dec 2009 15:10:04 +0800
Message-ID: <8ba534860912052310p316721dr3e9326751542a6d@mail.gmail.com>
To: Maciej Stachowiak <mjs@apple.com>
Cc: "sird@rckc.at" <sird@rckc.at>, Ian Hickson <ian@hixie.ch>, public-web-security@w3.org
ok understood.

anyway i will start another thread regarding sandbox iframes... i think they
are useless.. but maybe its a misunderstanding.

greetings!!

On Dec 6, 2009 3:06 PM, "Maciej Stachowiak" <mjs@apple.com> wrote:


On Dec 5, 2009, at 10:58 PM, sird@rckc.at wrote: > iirc sandboxed iframes
cant frame.
My reading of the spec (confirmed by Hixie) is that sandboxed iframes can
frame - perhaps they should not be able to.

> > in any case sandbox iframes are a joke unless you use data URIs.. that
should be cross origin a...
Not setting the allow-same-origin flag makes them about as restricted as
using a data: URI.

 - Maciej

> >> On Dec 6, 2009 2:55 PM, "Maciej Stachowiak" <mjs@apple.com> wrote: >>
>> On Dec 5, 2009, at 1...
Received on Sunday, 6 December 2009 07:10:44 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:01 GMT