Re: CSP XML Data with tokens

On Fri, Jan 28, 2011 at 1:52 AM, gaz Heyes <gazheyes@gmail.com> wrote:
> On 28 January 2011 09:32, sird@rckc.at <sird@rckc.at> wrote:
>>
>> <iframe sandbox="allow-same-origin" seamless="seamless" srcdoc="your
>> html content here"></iframe>
>
> Ok but there are a few problems here, if you replace the target div with an
> iframe what if a site contains a rule like div { position:absolute; } or any
> other style, how could that work? How do you know which content to replace
> with a sandboxed iframe? How would you apply more restrictions to the HTML?
> More attributes? Seems like an ugly hack to me using an iframe for this
> purpose.

The reason we use iframe for this purpose is because iframe is
basically the only isolation primitive we have in the web platform
today.

Adam

Received on Friday, 28 January 2011 10:10:54 UTC