
Re: iframe@security

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 21 Jan 2008 12:53:41 +0100
To: joshue.oconnor@cfit.ie
Cc: HTMLWG <public-html@w3.org>
Message-ID: <op.t493brr564w2qv@annevk-t60.oslo.opera.com>

On Mon, 21 Jan 2008 12:42:25 +0100, Joshue O Connor  
<joshue.oconnor@cfit.ie> wrote:
> <article comment>
> # re: Using Frames More Securely
> Friday, January 18, 2008 9:24 PM by Steven Roussey
>
> It would be nice if this security setting could be done on a <div
> security="restricted"></div> for the case of things like, say, message
> comments!
>
> </article comment>
>
> Could this idea fly using a semantically neutral element? It would be a
> cross browser, non-proprietary solution would it not and give a great
> deal of flexibility without the need to use frames at all?

What if the message comment contains "</div>" followed by some dangerous  
stuff? What about clients that do not support the security attribute?  
There has been extensive discussion on this already on the WHATWG mailing  
list (don't have any pointers handy) and as far as I could tell there  
weren't really any proper solutions for the problem, apart from content  
authors ensuring they can't be spoofed on their end.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Monday, 21 January 2008 11:50:24 UTC
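
The two objections in the reply above, as an added example that is not part of the original message: a comment containing `</div>` lands outside the proposed container, and a comment that stays inside is contained only if the client honors the attribute, while escaping on the author's end covers both. Python's `html.parser` stands in for a browser parser here; the template, the sample comments and all function names are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Constructed page template using the <div security="restricted"> idea from the thread.
TEMPLATE = '<body><div security="restricted">{comment}</div><p>footer</p></body>'

# Constructed sample comments (inert placeholders for the "dangerous stuff").
BREAKOUT = 'nice post</div><script>/* constructed */</script>'
NO_BREAKOUT = 'nice post<script>/* constructed */</script>'


class ScopeAudit(HTMLParser):
    """Sort element start tags by whether they open inside the restricted div."""

    def __init__(self):
        super().__init__()
        self.depth = 0  # div nesting inside the restricted container; 0 = outside
        self.inside, self.outside = [], []

    def handle_starttag(self, tag, attrs):
        if self.depth == 0:
            if tag == "div" and dict(attrs).get("security") == "restricted":
                self.depth = 1  # entering the container
            else:
                self.outside.append(tag)
            return
        self.inside.append(tag)
        if tag == "div":
            self.depth += 1

    def handle_endtag(self, tag):
        if tag == "div" and self.depth > 0:
            self.depth -= 1  # a </div> supplied by the comment closes the container too


def audit(page):
    """Return (tags opened inside the container, tags opened outside it)."""
    parser = ScopeAudit()
    parser.feed(page)
    parser.close()
    return parser.inside, parser.outside


def render_naive(comment):
    return TEMPLATE.format(comment=comment)  # comment inserted as markup


def render_escaped(comment):
    return TEMPLATE.format(comment=escape(comment))  # comment inserted as text
```

With `render_naive`, `BREAKOUT` yields a `script` element outside the container and `NO_BREAKOUT` yields one inside it, where it is restricted only on clients that implement the attribute; with `render_escaped` neither comment produces any element.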