- From: Maciej Stachowiak <mjs@apple.com>
- Date: Fri, 15 Jan 2010 10:51:18 -0800
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Ian Hickson <ian@hixie.ch>, public-html@w3.org, public-web-security@w3.org
On Jan 15, 2010, at 5:33 AM, Julian Reschke wrote: > Ian Hickson wrote: >> In response to implementor feedback regarding the sandbox="" >> feature of <iframe> in the WHATWG list [1], and based in part on a >> 2007 research paper from Microsoft [2], I have introduced a new >> MIME type for HTML (text/sandboxed-html) that is identical to text/ >> html in every way except one critical aspect: resources served with >> this MIME type are forced into a unique security origin context. >> ... > > For symmetry, we should also have > > application/xhtml-sandboxed+xml > > right? This actually would not have the desired behavior in legacy UAs, because many (well, at least WebKit-based ones) will recognize any MIME type ending in +xm as an XML type and will parse it as such. Regards, Maciej
Received on Friday, 15 January 2010 18:51:51 UTC