W3C home > Mailing lists > Public > public-html@w3.org > January 2010

Re: text/sandboxed-html

From: Maciej Stachowiak <mjs@apple.com>
Date: Fri, 15 Jan 2010 10:51:18 -0800
Cc: Ian Hickson <ian@hixie.ch>, public-html@w3.org, public-web-security@w3.org
Message-id: <DEBA6392-F2AC-436C-BCF0-13AAA278C3EF@apple.com>
To: Julian Reschke <julian.reschke@gmx.de>

On Jan 15, 2010, at 5:33 AM, Julian Reschke wrote:

> Ian Hickson wrote:
>> In response to implementor feedback regarding the sandbox=""  
>> feature of <iframe> in the WHATWG list [1], and based in part on a  
>> 2007 research paper from Microsoft [2], I have introduced a new  
>> MIME type for HTML (text/sandboxed-html) that is identical to text/ 
>> html in every way except one critical aspect: resources served with  
>> this MIME type are forced into a unique security origin context.
>> ...
> For symmetry, we should also have
>  application/xhtml-sandboxed+xml
> right?

This actually would not have the desired behavior in legacy UAs,  
because many (well, at least WebKit-based ones) will recognize any  
MIME type ending in +xm as an XML type and will parse it as such.

Received on Friday, 15 January 2010 18:51:52 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 9 October 2021 18:45:07 UTC