W3C home > Mailing lists > Public > public-web-security@w3.org > March 2011

Re: text/html-sandboxed should just be a sandboxed MIME type attribute

From: Michal Zalewski <lcamtuf@coredump.cx>
Date: Tue, 29 Mar 2011 04:56:45 -0700
Message-ID: <AANLkTim3tokwLACv4HhgH+E5rA+3sp2U9io9dTtfQptD@mail.gmail.com>
To: gaz Heyes <gazheyes@gmail.com>
Cc: Jacob Rossi <jrossi@microsoft.com>, "public-web-security@w3.org" <public-web-security@w3.org>, "public-html@w3.org" <public-html@w3.org>, Adrian Bateman <adrianba@microsoft.com>
> 2) The mime type ensures that the content itself was intended to be
> sandboxed.

Not really; still-popular browsers such as MSIE6 and MSIE7 will still
tend to detect HTML on such a document in certain circumstances. If
the goal of text/html-sandboxed is backward safety, then ignoring this
is probably problematic (but I do think this was discussed before).

/mz
Received on Tuesday, 29 March 2011 11:57:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 29 March 2011 11:57:41 GMT