W3C home > Mailing lists > Public > whatwg@whatwg.org > April 2012

[whatwg] Additional attribute value for iframe sandbox

From: Tim Streater <tim@clothears.org.uk>
Date: 30 Apr 2012 21:15 +0100
Message-ID: <20120430201548.2C3AE98400F@zapata.dreamhost.com>
I'd like to request that it be possible for links in sandboxed iframes, when clicked, to open in a new window. My reading of the documentation suggests that in a sandboxed iframe, links are disabled except that "allow-top-navigation" permits the equivalent of "target='_top'". In effect, I'd like a new value that permits "target='_blank'". Testing today tells me that in fact in Safari 5.1.5 at least, a sandboxed iframe does not interfere in any way with links.

My use case is this. My application, a mail client, receives html emails and uses an iframe to display them. A good example of such a mail can be seen here:

  <http://www.newscientist.com/data/projects/newsletter/newsletter20120430rwau.html>

(When I receive it, the recipient's email address is in the bottom part of the page rather than #emailaddr#.) This is an example of a trusted email which has links. At present, my application strips out scripts as a primitive security measure, but I'd rather use a sandboxed iframe if possible. However, a user will expect to be able to click on a link in such an email and have a new window opened, separate from the email client. Hence my request for a new value for the sandbox attribute.

--
Cheers  --  Tim
Received on Monday, 30 April 2012 13:15:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:48:07 GMT