- From: Anne van Kesteren <annevk@opera.com>
- Date: Wed, 03 Aug 2011 08:32:09 +0200
- To: "Maciej Stachowiak" <mjs@apple.com>, "Jacob Rossi" <Jacob.Rossi@microsoft.com>
- Cc: "Paul Cotton" <Paul.Cotton@microsoft.com>, "'HTML WG LIST'" <public-html@w3.org>, "Sam Ruby (rubys@intertwingly.net)" <rubys@intertwingly.net>, "Adrian Bateman" <adrianba@microsoft.com>

On Wed, 03 Aug 2011 08:11:17 +0200, Jacob Rossi <Jacob.Rossi@microsoft.com> wrote:

> I've put the change proposal on the wiki and incorporated the test case:
>
> http://www.w3.org/html/wg/wiki/ChangeProposals/text_html_sandboxed
>
> To be clear, the incorrect advertisement of text/html-sandboxed is only
> part of our argument against it. The inability to specify allow-tokens
> or to sandbox content other than text/html severely limits the
> usefulness of the MIME type as well.

I think the inability to specify allow-tokens stems from the fact that the content is supposed to be included in an `<iframe>` where you can set such tokens. I am not sure what other content would need to be sandboxed. Do you have examples of sites putting embedded untrusted content other than HTML on third-party servers that would need to be sandboxed if hosted on the same server?

--
Anne van Kesteren
http://annevankesteren.nl/

Received on Wednesday, 3 August 2011 06:32:47 UTC