ian, isnt allow-same-origin confusing? since if its same origin what stops you from linking it and bypassing those protections. greetz! On Dec 6, 2009 5:25 PM, "Ian Hickson" <ian@hixie.ch> wrote: On Sun, 6 Dec 2009, sird@rckc.at wrote: > > yeah, that's exactly what I was talking about: > http:/... <iframe sandbox src=""> is intended primarily for cross-origin embedding, not same-origin. For same-origin, we'll probably add <iframe sandbox doc="">, with inline source. > And if developers start using the example that is given in the spec, > then a lot of people (de... I'll add some text mentioning this case. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Sunday, 6 December 2009 09:30:44 UTC