Re: Question on Iframe sandbox attribute and allow-forms keyword

On May 11, 2010, at 10:26 AM, Abhishek Arya wrote:

> Hi All,
>
> I have a question on the iframe sandbox attribute -
> http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#attr-iframe-sandbox 
> .
>
> Q1: If allow-forms keyword is not set, do the forms need to be
> completely disabled ? Does disabled only mean to block form submission
> or disable the form control altogether for user input (as in
> http://www.w3.org/TR/html5/forms.html#attr-fe-disabled).
> Q2: Would the input elements outside of form be disabled as well ? I
> think not, right ?
>
>> From Spec, i see two statements::
> 1. "When the attribute (sandbox) is set, the content is treated as
> being from a unique origin, forms and scripts are disabled, links are
> prevented from targeting other browsing contexts, and plugins are
> disabled. "
>
> 2. "The sandboxed forms browsing context flag, unless the sandbox
> attribute's value, when split on spaces, is found to have the
> allow-forms keyword set
>     This flag blocks form submission."

 From what you quote, it sounds like it should only block form  
submission, but should not disable form controls.

Regards,
Maciej

Received on Tuesday, 11 May 2010 19:13:20 UTC