- From: gaz Heyes <gazheyes@gmail.com>
- Date: Tue, 26 Jan 2010 10:55:41 +0000
- To: Ian Hickson <ian@hixie.ch>
- Cc: "sird@rckc.at" <sird@rckc.at>, Adam Barth <w3c@adambarth.com>, public-web-security@w3.org
Received on Tuesday, 26 January 2010 10:56:13 UTC
2010/1/21 Ian Hickson <ian@hixie.ch>

> If you're using text/sandboxed-html, you're not targeting legacy UAs, so
> I don't really think that's a problem we need to worry about.

Let's say the spec is finalised and a browser supports the new attribute. Nobody will use it because of the prompts. The majority of web sites aren't going to redirect legacy browsers and therefore the sandboxed iframe will fail because legacy browsers will dictate what web designers/developers do. The difficulty in detecting browsers and the average person's knowledge of DOM and how to detect features is going to add to this mess.

By providing a separate sandboxed src attribute the web developer can choose which items are sandboxed and then provide a mechanism or fallback url if they don't. This worked in the past and it can work now; examples of this are:-

    <script></script>
    <noscript>You don't have javascript</noscript>
    <object>You don't support this object</object>

By using this principle the web developer can easily provide legacy browsers with an alternative or a message:-

    <iframe sandbox-src="sandoxedcontent.html" src="browser_unsupported.html"></iframe>