- From: Ian Hickson <ian@hixie.ch>
- Date: Sun, 17 Jan 2010 21:13:52 +0000 (UTC)
- To: Lachlan Hunt <lachlan.hunt@lachy.id.au>
- Cc: Adam Barth <w3c@adambarth.com>, HTML WG <public-html@w3.org>
On Sun, 17 Jan 2010, Lachlan Hunt wrote: > Ian Hickson wrote: > > doc="" is only meant to be used with sandbox="". I can just make it > > not do anything at all if sandbox="" isn't specified, if that helps. > > Why not just make it easier and say that doc="" is always processed as > if sandbox="" were specified, even if the author didn't specific it > explicitly? Requiring the author to always remember to type <iframe > doc="..." sandbox=""> just seems redundant, unless they want to specify > some of the sandbox allow-* values. With security stuff, I'm very wary of making anything implicit, because implication is a common source of bugs. It's far easier to reason about things when they are "works"/"doesn't work"-type features with very explicit switches (like a sandbox attribute being present). -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Sunday, 17 January 2010 21:15:18 UTC