- From: Abhishek Arya <aarya@google.com>
- Date: Tue, 11 May 2010 10:26:21 -0700
- To: public-html@w3.org
Hi All, I have a question on the iframe sandbox attribute - http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#attr-iframe-sandbox. Q1: If allow-forms keyword is not set, do the forms need to be completely disabled ? Does disabled only mean to block form submission or disable the form control altogether for user input (as in http://www.w3.org/TR/html5/forms.html#attr-fe-disabled). Q2: Would the input elements outside of form be disabled as well ? I think not, right ? >From Spec, i see two statements:: 1. "When the attribute (sandbox) is set, the content is treated as being from a unique origin, forms and scripts are disabled, links are prevented from targeting other browsing contexts, and plugins are disabled. " 2. "The sandboxed forms browsing context flag, unless the sandbox attribute's value, when split on spaces, is found to have the allow-forms keyword set This flag blocks form submission." Thanks and Regards, Abhishek Arya Google Chrome Security Team
Received on Tuesday, 11 May 2010 18:59:31 UTC