- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 22 May 2008 05:22:07 +0000 (UTC)
- To: Andrew Fedoniouk <news@terrainformatica.com>
- Cc: HTMLWG <public-html@w3.org>
On Wed, 21 May 2008, Andrew Fedoniouk wrote: > > Ian Hickson wrote: > > > > Summary: > > > > * I've added a sandbox="" attribute to <iframe>, which by default > > disables a number of features and takes a space-separated list of > > features to re-enable: > > > ... > > Makes sense, Ian. > > Additionally to this, what about adding <meta> tag that disables or limits > features of the page if it is running inside <frame> or <iframe>? > > Say something like this: > > <html> > <head> > <meta name="allowed-context" value="standalone-only" /> > </head> > ... > </html> > > That may prevent some types of malicious uses. There have been proposals along these lines before, e.g. http://www.gerv.net/security/content-restrictions/ I recommend developing these ideas independently and getting implementation experience, since they don't need HTML-specific syntax and could apply to other vocabularies as well. Cheers, -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 22 May 2008 05:22:49 UTC