this is a great idea! but I think that legacy browsers will prompt a <download file> dialog if they dont support it. why not putting the sandboxed URL inside the sandbox attribute? anyway, it's just a suggestion, the new mime type is a great idea, now sandbox makes sense! <iframe sandbox="http://thesite.com/thesandboxed.html" sandboxsomething="no-scripts no-frames"> Greetings!! -- Eduardo http://www.sirdarckcat.net/ Sent from Hangzhou, 33, China On Wed, Jan 13, 2010 at 10:08 AM, Roy T. Fielding <fielding@gbiv.com> wrote: > On Jan 12, 2010, at 5:51 PM, Ian Hickson wrote: > > > In response to implementor feedback regarding the sandbox="" feature of > > <iframe> in the WHATWG list [1], and based in part on a 2007 research > > paper from Microsoft [2], I have introduced a new MIME type for HTML > > (text/sandboxed-html) that is identical to text/html in every way except > > one critical aspect: resources served with this MIME type are forced into > > a unique security origin context. > > I would prefer a media type of "text/html-sandboxed", since that places > the two types next to each other in a sorted list and allows easier > prefix-matching when desired. > > ....Roy > > >Received on Wednesday, 13 January 2010 02:19:17 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:01 GMT