- From: Andrew Fedoniouk <news@terrainformatica.com>
- Date: Wed, 21 May 2008 16:45:32 -0700
- To: Ian Hickson <ian@hixie.ch>
- CC: whatwg <whatwg@whatwg.org>, HTMLWG <public-html@w3.org>, public-webapi@w3.org
Ian Hickson wrote: > > Summary: > > * I've added a sandbox="" attribute to <iframe>, which by default > disables a number of features and takes a space-separated list of > features to re-enable: > ... Makes sense, Ian. Additionally to this, what about adding <meta> tag that disables or limits features of the page if it is running inside <frame> or <iframe>? Say something like this: <html> <head> <meta name="allowed-context" value="standalone-only" /> </head> ... </html> That may prevent some types of malicious uses. -- Andrew Fedoniouk. http://terrainformatica.com
Received on Wednesday, 21 May 2008 23:44:22 UTC