- From: Craig Francis <craig.francis@gmail.com>
- Date: Fri, 11 Mar 2016 12:18:25 +0000
- To: WebAppSec WG <public-webappsec@w3.org>
Hi, Just thinking about third party content, and how it is typically given *full* access to a webpage with a `script` tag, which means it can do pretty much anything it likes to the page (not good). A possible solution is to use an `iframe` - but we can't at the moment, as they are too restrictive. While GitHub is probably not the best place for this, I've written up some ideas that might fix the main issues (basically taking the current features we have, and tweaking them a bit)... https://github.com/craigfrancis/security/tree/master/third-party-content Thoughts? Craig
Received on Friday, 11 March 2016 12:18:55 UTC