Re: text/sandboxed-html

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Tue, 12 Jan 2010 21:45:21 -0500
Message-ID: <4B4D33C1.70301@mit.edu>
To: Maciej Stachowiak <mjs@apple.com>
CC: Ian Hickson <ian@hixie.ch>, public-html@w3.org, public-web-security@w3.org

On 1/12/10 9:41 PM, Maciej Stachowiak wrote:
> I don't think it is a problem. My understanding is that a major goal for
> text/html-sandboxed is to protect against an attacker loading a resource
> that is only meant to be served sandboxed in a non-sandboxed context.

Ah, I see.  OK, that makes sense.

My concern was whether sites would choose to use this if it meant that 
<iframe sandbox> in a browser with no sandbox support would do weird 
stuff with the content.  I guess doing weird stuff is certainly 
preferable to it being treated as HTML by said browser.  ;)

Received on Wednesday, 13 January 2010 02:45:56 UTC