Re: text/sandboxed-html

On Jan 15, 2010, at 5:33 AM, Julian Reschke wrote:

> Ian Hickson wrote:
>> In response to implementor feedback regarding the sandbox=""  
>> feature of <iframe> in the WHATWG list [1], and based in part on a  
>> 2007 research paper from Microsoft [2], I have introduced a new  
>> MIME type for HTML (text/sandboxed-html) that is identical to text/ 
>> html in every way except one critical aspect: resources served with  
>> this MIME type are forced into a unique security origin context.
>> ...
> For symmetry, we should also have
>  application/xhtml-sandboxed+xml
> right?

This actually would not have the desired behavior in legacy UAs,  
because many (well, at least WebKit-based ones) will recognize any  
MIME type ending in +xm as an XML type and will parse it as such.


Received on Friday, 15 January 2010 18:51:52 UTC