- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Tue, 12 Jan 2010 18:08:14 -0800
- To: Ian Hickson <ian@hixie.ch>
- Cc: public-html@w3.org, public-web-security@w3.org
On Jan 12, 2010, at 5:51 PM, Ian Hickson wrote: > In response to implementor feedback regarding the sandbox="" feature of > <iframe> in the WHATWG list [1], and based in part on a 2007 research > paper from Microsoft [2], I have introduced a new MIME type for HTML > (text/sandboxed-html) that is identical to text/html in every way except > one critical aspect: resources served with this MIME type are forced into > a unique security origin context. I would prefer a media type of "text/html-sandboxed", since that places the two types next to each other in a sorted list and allows easier prefix-matching when desired. ....Roy
Received on Wednesday, 13 January 2010 02:08:43 UTC