On Dec 8, 2009, at 1:29 AM, sird@rckc.at wrote: > I also like this option: > > 4. add a declarative option to <link> and <style> elements to say > the CSS parser should be in a "sandboxed" mode > > I am doing something like that already on ACS ( http://docs.google.com/View?id=ddqtfnx3_381fxp3zjf3 > ) but having it on HTML5 would be greaaat. What would be the effect of the "sandboxed" mode? > > Would it be possible to add it to <script>? (I also support this on > ACS using Gareth Heyes's jsreg : http://tinyurl.com/jsreg ). > > In script it could work to define functions with a different > principal.. this way the stuff in there can only work with > references it receives from user functions (should have the same > type of protections Mozilla adds to addons interacting with web > content with Wrappers). > > This would probably be better than sandboxed iframes.. and would > mitigate quite a lot of problems. Having a single script operate with a different security origin would be considerably more challenging to implement than sandboxed iframes. Why is it better? Regards, MaciejReceived on Tuesday, 8 December 2009 15:10:31 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:01 GMT