Re: CSP XML Data with tokens from gaz Heyes on 2011-01-28 (public-web-security@w3.org from January 2011)

From: gaz Heyes <gazheyes@gmail.com>
Date: Fri, 28 Jan 2011 10:23:12 +0000
To: Adam Barth <w3c@adambarth.com>
Cc: "sird@rckc.at" <sird@rckc.at>, Devdatta Akhawe <dev.akhawe@gmail.com>, Michal Zalewski <lcamtuf@coredump.cx>, Brandon Sterne <bsterne@mozilla.com>, public-web-security@w3.org
Message-ID: <AANLkTimjDrdX5mcLnkAPd8WsYBhF2U6hq4P6yDePCZCG@mail.gmail.com>

On 28 January 2011 10:09, Adam Barth <w3c@adambarth.com> wrote:

> The reason we use iframe for this purpose is because iframe is
> basically the only isolation primitive we have in the web platform
> today.
>

I'm not saying a iframe sandbox is a bad thing, I'm just saying it isn't fit
for this purpose

Received on Friday, 28 January 2011 10:23:44 UTC