W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2006

[whatwg] Sandboxing scripts: call for a wider discussion

From: Ian Hickson <ian@hixie.ch>
Date: Mon, 23 Jan 2006 03:14:02 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0601230233560.9516@dhalsim.dreamhost.com>
On Sun, 22 Jan 2006, Alexey Feldgendler wrote:
> 
> However, the ideas about sandboxing have been neither accepted nor rejected by
> others on this list, and the proposal didn't make it to WA1 current-work. It's
> a pity that these ideas are getting ignored [...]

Worry not, they're not being ignored. There are hundreds of good ideas 
being suggested to this list; all will be examined and responded to before 
the spec is finished. Currently the focus is on the parser section.

I agree that sandboxing is very important. There are some big problems 
with it -- how to get some level of backwards compatibility without 
exposing 99% of users to security risks, how to make it possible to 
sandbox arbitrary content (that can't, e.g., do:

   document.write("</sandbox>");

...or similar), how to enable all this without requiring multiple global 
scope objects, etc.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Sunday, 22 January 2006 19:14:02 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:25 UTC