- From: <bugzilla@jessica.w3.org>
- Date: Fri, 15 Jul 2011 08:14:20 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=13267
Summary: sandboxing implication for plugins should be rephrased
Product: HTML WG
Version: unspecified
Platform: All
URL: http://www.w3.org/TR/2011/WD-html5-20110525/Overview.h
tml#attr-iframe-sandbox
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: HTML5 spec (editor: Ian Hickson)
AssignedTo: ian@hixie.ch
ReportedBy: julian.reschke@gmx.de
QAContact: public-html-bugzilla@w3.org
CC: mike@w3.org, public-html-wg-issue-tracking@w3.org,
public-html@w3.org
"The sandbox attribute, when specified, enables a set of extra restrictions on
any content hosted by the iframe. Its value must be an unordered set of unique
space-separated tokens that are ASCII case-insensitive. The allowed values are
allow-same-origin, allow-top-navigation, allow-forms, and allow-scripts. When
the attribute is set, the content is treated as being from a unique origin,
forms and scripts are disabled, links are prevented from targeting other
browsing contexts, and plugins are disabled."
This doesn't cover the case where a UI might be able to negotiate these
restrictions with a plugin.
See context around
<http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2011-July/032429.html>.
--
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Friday, 15 July 2011 08:14:28 UTC