Re: iframe@security

On Mon, 21 Jan 2008 12:42:25 +0100, Joshue O Connor  
<> wrote:
> <article comment>
> # re: Using Frames More Securely
> Friday, January 18, 2008 9:24 PM by Steven Roussey
> It would be nice if this security setting could be done on a <div
> security="restricted"></div> for the case of things like, say, message
> comments!
> </article comment>
> Could this idea fly using a semantically neutral element? It would be a
> cross browser, non-proprietary solution would it not and give a great
> deal of flexibility without the need to use frames at all?

What if the message comment contains "</div>" followed by some dangerous  
stuff? What about clients that do not support the security attribute?  
There has been extensive discussion on this already on the WHATWG mailing  
list (don't have any pointers handy) and as far as I could tell there  
weren't really any proper solutions for the problem, apart from content  
authors ensuring they can't be spoofed on their end.

Anne van Kesteren

Received on Monday, 21 January 2008 11:50:24 UTC