btw, I have one question <iframe sandbox-src="javascript:'in which context does this run?';"> if it says: <iframe sandbox-src="javascript:document.cookie;"> it prints the host's site cookie? -- Eduardo http://www.sirdarckcat.net/ Sent from Hangzhou, 33, China On Wed, Jan 13, 2010 at 10:18 AM, sird@rckc.at <sird@rckc.at> wrote: > this is a great idea! but I think that legacy browsers will prompt a > <download file> dialog if they dont support it. > > why not putting the sandboxed URL inside the sandbox attribute? anyway, > it's just a suggestion, the new mime type is a great idea, now sandbox makes > sense! > > <iframe sandbox="http://thesite.com/thesandboxed.html" > sandboxsomething="no-scripts no-frames"> > > Greetings!! > -- Eduardo > http://www.sirdarckcat.net/ > > Sent from Hangzhou, 33, China > > On Wed, Jan 13, 2010 at 10:08 AM, Roy T. Fielding <fielding@gbiv.com>wrote: > >> On Jan 12, 2010, at 5:51 PM, Ian Hickson wrote: >> >> > In response to implementor feedback regarding the sandbox="" feature of >> > <iframe> in the WHATWG list [1], and based in part on a 2007 research >> > paper from Microsoft [2], I have introduced a new MIME type for HTML >> > (text/sandboxed-html) that is identical to text/html in every way except >> > one critical aspect: resources served with this MIME type are forced >> into >> > a unique security origin context. >> >> I would prefer a media type of "text/html-sandboxed", since that places >> the two types next to each other in a sorted list and allows easier >> prefix-matching when desired. >> >> ....Roy >> >> >> >Received on Wednesday, 13 January 2010 02:20:54 UTC
This archive was generated by hypermail 2.4.0 : Saturday, 9 October 2021 18:45:07 UTC