W3C home > Mailing lists > Public > whatwg@whatwg.org > December 2009

[whatwg] some thoughts on sandboxed IFRAMEs

From: Adam Barth <whatwg@adambarth.com>
Date: Sun, 13 Dec 2009 14:00:00 -0800
Message-ID: <7789133a0912131400yc86091bu6672ba65b56239b0@mail.gmail.com>
On Sun, Dec 13, 2009 at 1:51 PM, Michal Zalewski <lcamtuf at coredump.cx> wrote:
>> That seems like a backwards way of proceeding. ?Do you have a proposal
>> for unification besides the <jail> tag?
> The only fundamental objection I have heard against it is the trouble
> with XML representation.

How do I use the <jail> tag to sandbox advertisements?

More specifically, here's the use case that I think is easy 10x or a
100x more important than everything else we've discussed in this

1) A publisher wants to show an advertisement on his or her web page.
2) 60% of the visits to the publishers web site are running a
vulnerable version of Flash.
3) The publisher does not want a malicious advertisement to install
malware on the user's computer.

The sandbox tag is great at addressing that use case.  I don't see why
we should delay it in the hopes that the <jail> tag comes back to

Received on Sunday, 13 December 2009 14:00:00 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:54 UTC