- From: Toby Inkster <tai@g5n.co.uk>
- Date: Wed, 13 Jan 2010 06:43:56 +0000
- To: "sird@rckc.at" <sird@rckc.at>
- Cc: "Roy T. Fielding" <fielding@gbiv.com>, Ian Hickson <ian@hixie.ch>, public-html@w3.org, public-web-security@w3.org
On Wed, 2010-01-13 at 10:18 +0800, sird@rckc.at wrote: > why not putting the sandboxed URL inside the sandbox attribute? > anyway, it's just a suggestion, the new mime type is a great idea, now > sandbox makes sense! > > <iframe sandbox="http://thesite.com/thesandboxed.html" > sandboxsomething="no-scripts no-frames"> Using a new attribute rather than src seems like a sensible idea to me. Legacy user agents won't load anything from: <iframe sandbox="http://example.com/sandboxed.html"></iframe> And won't pop up annoying dialogue boxes. It seems to eliminate the need for an additional media type registration; and it makes things simpler for those HTML publishers who are not au fait with configuring their web servers. -- Toby A Inkster <mailto:mail@tobyinkster.co.uk> <http://tobyinkster.co.uk>
Received on Wednesday, 13 January 2010 06:44:44 UTC