Re: ISSUE-166 html-sandboxed: Chairs Solicit Proposals

On Wed, 03 Aug 2011 08:11:17 +0200, Jacob Rossi  
<Jacob.Rossi@microsoft.com> wrote:
> I've put the change proposal on the wiki and incorporated the test case:
>
> http://www.w3.org/html/wg/wiki/ChangeProposals/text_html_sandboxed
>
> To be clear, the incorrect advertisement of text/html-sandboxed is only  
> part of our argument against it. The inability to specify allow-tokens  
> or to sandbox content other than text/html severely limits the  
> usefulness of the MIME type as well.

I think the inability to specify allow-tokens stems from the fact that the  
content is supposed to be included in an <iframe> where you can set such  
tokens.

I am not sure what other content would need to be sandboxed. Do you have  
examples of sites putting embedded untrusted content other than HTML on  
third-party servers that would need to be sandboxed if hosted on the same  
server?


-- 
Anne van Kesteren
http://annevankesteren.nl/

Received on Wednesday, 3 August 2011 06:32:47 UTC