- From: Maciej Stachowiak <mjs@apple.com>
- Date: Tue, 12 Jan 2010 18:21:05 -0800
- To: "Roy T. Fielding" <fielding@gbiv.com>
- Cc: Ian Hickson <ian@hixie.ch>, public-html@w3.org, public-web-security@w3.org

On Jan 12, 2010, at 6:08 PM, Roy T. Fielding wrote:

> On Jan 12, 2010, at 5:51 PM, Ian Hickson wrote:
>
>> In response to implementor feedback regarding the sandbox=""
>> feature of <iframe> in the WHATWG list [1], and based in part on a
>> 2007 research paper from Microsoft [2], I have introduced a new MIME
>> type for HTML (text/sandboxed-html) that is identical to text/html in
>> every way except one critical aspect: resources served with this MIME
>> type are forced into a unique security origin context.
>
> I would prefer a media type of "text/html-sandboxed", since that places
> the two types next to each other in a sorted list and allows easier
> prefix-matching when desired.

That does seem like a potential improvement, so long as "text/html-sandboxed" has the same effect of load failure in legacy UAs (I haven't tested).

- Maciej

Received on Wednesday, 13 January 2010 02:21:40 UTC