Re: The <iframe> element and sandboxing ideas

Ian Hickson wrote:
> Summary:
>  * I've added a sandbox="" attribute to <iframe>, which by default
>    disables a number of features and takes a space-separated list of
>    features to re-enable:

Makes sense, Ian.

Additionally to this, what about adding <meta> tag that disables or 
limits features of the page if it is running inside <frame> or <iframe>?

Say something like this:

     <meta name="allowed-context" value="standalone-only" />

That may prevent some types of malicious uses.

Andrew Fedoniouk.

Received on Wednesday, 21 May 2008 23:44:22 UTC