Re: Seamless iframes + CSS3 selectors = bad idea from sird@rckc.at on 2009-12-06 (public-web-security@w3.org from December 2009)

From: <sird@rckc.at>
Date: Sun, 6 Dec 2009 15:10:04 +0800
To: Maciej Stachowiak <mjs@apple.com>
Cc: "sird@rckc.at" <sird@rckc.at>, Ian Hickson <ian@hixie.ch>, public-web-security@w3.org
Message-ID: <8ba534860912052310p316721dr3e9326751542a6d@mail.gmail.com>

ok understood.

anyway i will start another thread regarding sandbox iframes... i think they
are useless.. but maybe its a misunderstanding.

greetings!!

On Dec 6, 2009 3:06 PM, "Maciej Stachowiak" <mjs@apple.com> wrote:

On Dec 5, 2009, at 10:58 PM, sird@rckc.at wrote: > iirc sandboxed iframes
cant frame.
My reading of the spec (confirmed by Hixie) is that sandboxed iframes can
frame - perhaps they should not be able to.

> > in any case sandbox iframes are a joke unless you use data URIs.. that
should be cross origin a...
Not setting the allow-same-origin flag makes them about as restricted as
using a data: URI.

 - Maciej

> >> On Dec 6, 2009 2:55 PM, "Maciej Stachowiak" <mjs@apple.com> wrote: >>
>> On Dec 5, 2009, at 1...

Received on Sunday, 6 December 2009 07:10:44 UTC