
Re: text/sandboxed-html

From: Maciej Stachowiak <mjs@apple.com>
Date: Tue, 12 Jan 2010 18:21:05 -0800
Cc: Ian Hickson <ian@hixie.ch>, public-html@w3.org, public-web-security@w3.org
Message-id: <58A19C6D-03E8-4003-9737-3346FB0E1A21@apple.com>
To: "Roy T. Fielding" <fielding@gbiv.com>

On Jan 12, 2010, at 6:08 PM, Roy T. Fielding wrote:

> On Jan 12, 2010, at 5:51 PM, Ian Hickson wrote:
>
>> In response to implementor feedback regarding the sandbox="" feature of
>> <iframe> in the WHATWG list [1], and based in part on a 2007 research
>> paper from Microsoft [2], I have introduced a new MIME type for HTML
>> (text/sandboxed-html) that is identical to text/html in every way except
>> one critical aspect: resources served with this MIME type are forced into
>> a unique security origin context.
>
> I would prefer a media type of "text/html-sandboxed", since that places
> the two types next to each other in a sorted list and allows easier
> prefix-matching when desired.

That does seem like a potential improvement, so long as "text/html-sandboxed"
has the same effect of load failure in legacy UAs (I haven't tested).

  - Maciej
Received on Wednesday, 13 January 2010 02:21:40 GMT
