- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Fri, 15 Jan 2010 20:03:00 +0100
- To: Maciej Stachowiak <mjs@apple.com>
- CC: Ian Hickson <ian@hixie.ch>, public-html@w3.org, public-web-security@w3.org

Maciej Stachowiak wrote:
>
> On Jan 15, 2010, at 5:33 AM, Julian Reschke wrote:
>
>> Ian Hickson wrote:
>>> In response to implementor feedback regarding the sandbox="" feature
>>> of <iframe> in the WHATWG list [1], and based in part on a 2007
>>> research paper from Microsoft [2], I have introduced a new MIME type
>>> for HTML (text/sandboxed-html) that is identical to text/html in
>>> every way except one critical aspect: resources served with this MIME
>>> type are forced into a unique security origin context.
>>> ...
>>
>> For symmetry, we should also have
>>
>> application/xhtml-sandboxed+xml
>>
>> right?
>
> This actually would not have the desired behavior in legacy UAs, because
> many (well, at least WebKit-based ones) will recognize any MIME type
> ending in +xml as an XML type and will parse it as such.
> ...

Well, parsing it isn't a problem; right? Do they do more (sniff the namespace?).

BR, Julian

Received on Friday, 15 January 2010 19:03:40 UTC