W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > February 2010

[Bug 8849] The ability for an author to completely disable javascript on their webpage - an html scripts="no" attribute

From: <bugzilla@wiggum.w3.org>
Date: Mon, 01 Feb 2010 08:41:51 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1Nbrqx-0008Q3-SE@wiggum.w3.org>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=8849


Mac Clemmens <mac@digitaldeployment.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mac@digitaldeployment.com




--- Comment #2 from Mac Clemmens <mac@digitaldeployment.com>  2010-02-01 08:41:51 ---
Re: #1 From Tab Atkins Jr.

I appreciate your counter-proposal. I would like to call for allowing @sandbox
on <html> and recommending that it be served with text/html-sandboxed so it
fails closed and prevents unwanted execution in legacy clients. 

It's an excellent point you make regarding the mimetype. Right now it browsers
would just download the page instead of opening it. 

Here's an interesting question I stumbled upon while reading more on the
matter:

For the content to be sent as this MIME-type you’d have to be the one
controlling the server sending the content. Why would you use an iframe to
include content from your own site?

(http://blog.whatwg.org/whats-next-in-html-episode-2-sandbox/comment-page-1#comment-41070)


-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Monday, 1 February 2010 08:41:53 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:10 UTC