W3C home > Mailing lists > Public > public-media-capture-logs@w3.org > July 2016

Re: [mediacapture-main] Iframe sandboxing options for gUM

From: Xidorn Quan via GitHub <sysbot+gh@w3.org>
Date: Tue, 05 Jul 2016 12:32:23 +0000
To: public-media-capture-logs@w3.org
Message-ID: <issue_comment.created-230465078-1467721942-sysbot+gh@w3.org>
I believe fullscreen is made that way because it preexists sandbox for
 some impl (which seems to be Gecko), and later other impls adopted 
that. IIRC, Gecko had a plan about converting `allowfullscreen` 
attribute to a sandbox flag, but never made it. (I failed to find 
that, though)

Given this, I suppose `allowfullscreen` is just an exception which we 
do not want to have any follower. New things should all go to sandbox 
rather than adding another `allowfullscreen`-like attribute.

Some reasons why I think we should prefer the sandbox way:

1. Using attribute makes logic unnecessarily more complicated. e.g. 
how should the new attribute interact with the sandbox mechanism? The 
logic was broken for fullscreen in the spec, and now we are going to 
completely decouple them.
2. Adding as a sandbox token allows external specs to make use of it. 
e.g. CSP spec reuses tokens of `sandbox` attribute to control the 
ability of even top level document. 

GitHub Notification of comment by upsuper
Please view or discuss this issue at 
 using your GitHub account
Received on Tuesday, 5 July 2016 12:32:30 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:27:30 UTC