http://www.w3.org/Bugs/Public/show_bug.cgi?id=8849 Tab Atkins Jr. <jackalmage@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jackalmage@gmail.com --- Comment #1 from Tab Atkins Jr. <jackalmage@gmail.com> 2010-01-31 21:03:46 --- We already have a mechanism for turning off scripts in @sandbox. This also lets you apply more fine control than just shutting off scripts entirely. Putting an entire page into sandbox mode is an interesting idea. By itself, it doesn't work - <html sandbox> fails open in legacy browsers. But if you then serve that page with text/html-sandboxed mimetype, it would have all the behaviors we want. It would fail closed in legacy browsers, and give you full sandboxing control over the entire page. So, counter-proposal! Allow @sandbox on <html>. Recommend that it be served with text/html-sandboxed to prevent unwanted execution in legacy clients. -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.Received on Sunday, 31 January 2010 21:03:48 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:09 UTC