W3C home > Mailing lists > Public > public-web-security@w3.org > January 2011

Re: CSP XML Data with tokens

From: <sird@rckc.at>
Date: Fri, 28 Jan 2011 10:56:42 -0600
Message-ID: <AANLkTi=qNvpbWF4nX-fhhvTJhauXRn5Av4_N5h0JEd_p@mail.gmail.com>
To: gaz Heyes <gazheyes@gmail.com>
Cc: Adam Barth <w3c@adambarth.com>, Devdatta Akhawe <dev.akhawe@gmail.com>, Michal Zalewski <lcamtuf@coredump.cx>, Brandon Sterne <bsterne@mozilla.com>, public-web-security@w3.org
Hi!

The attribute "seamless" will do:

1. If you have b{color:blue} in the doc
2. You have:
<iframe sandbox="allow-same-origin" seamless="seamless"
srcdoc="<b>xD</b>"></iframe>
3. You get, a blue bold "xD".

Greetings!!

-- Eduardo




On Fri, Jan 28, 2011 at 4:23 AM, gaz Heyes <gazheyes@gmail.com> wrote:
> On 28 January 2011 10:09, Adam Barth <w3c@adambarth.com> wrote:
>>
>> The reason we use iframe for this purpose is because iframe is
>> basically the only isolation primitive we have in the web platform
>> today.
>
> I'm not saying a iframe sandbox is a bad thing, I'm just saying it isn't fit
> for this purpose
>
Received on Friday, 28 January 2011 16:57:46 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 28 January 2011 16:57:48 GMT