Re: ISSUE-166 html-sandboxed: Chairs Solicit Proposals

On Wed, 03 Aug 2011 08:11:17 +0200, Jacob Rossi  
<> wrote:
> I've put the change proposal on the wiki and incorporated the test case:
> To be clear, the incorrect advertisement of text/html-sandboxed is only  
> part of our argument against it. The inability to specify allow-tokens  
> or to sandbox content other than text/html severely limits the  
> usefulness of the MIME type as well.

I think the inability to specify allow-tokens stems from the fact that the  
content is supposed to be included in an <iframe> where you can set such  

I am not sure what other content would need to be sandboxed. Do you have  
examples of sites putting embedded untrusted content other than HTML on  
third-party servers that would need to be sandboxed if hosted on the same  

Anne van Kesteren

Received on Wednesday, 3 August 2011 06:32:47 UTC