- From: Frode Børli <frode@seria.no>
- Date: Tue, 22 Jul 2008 00:35:03 +0200
I like the proposal of adding a "seamless" attribute to the iframe element, though it should perhaps be added using CSS since it applies to styling? I also want the following: <span sandbox=1> </span> This is because a typical Web 2.0 usage is to have a list of comments with a thumbs up/thumbs down for each message. This requires more fine grained control of what is user generated content and what is scripted content. The problem is 1: that the user can easily write </span> in his comment and bypass the sandbox and 2: it is not backward compatible. This is prevented by requiring anything inside a sandbox being entity escaped: <span sandbox=1> </span> </span> If the browser finds unescaped content inside a sandbox it should refuse to display the page - thereby forcing the author to fix this immediately. Any comments? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20080722/8b1ac810/attachment.htm>
Received on Monday, 21 July 2008 15:35:03 UTC