Re: text/sandboxed-html

On 1/12/10 9:41 PM, Maciej Stachowiak wrote:
> I don't think it is a problem. My understanding is that a major goal for
> text/html-sandboxed is to protect against an attacker loading a resource
> that is only meant to be served sandboxed in a non-sandboxed context.

Ah, I see.  OK, that makes sense.

My concern was whether sites would choose to use this if it meant that 
<iframe sandbox> in a browser with no sandbox support would do weird 
stuff with the content.  I guess doing weird stuff is certainly 
preferable to it being treated as HTML by said browser.  ;)


Received on Wednesday, 13 January 2010 02:45:55 UTC