- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 10 Nov 2011 00:19:01 +0000 (UTC)
- To: Adam Barth <w3c@adambarth.com>
- cc: public-web-security@w3.org, Jacob Rossi <jrossi@microsoft.com>
On Wed, 9 Nov 2011, Adam Barth wrote: > > The issue is that an attacker can load the document in a frame that > lacks the sandbox attribute. The server hosting the content wishes for > it to be sandboxed whenever possible. That makes sense. If you need any help linking CSP to the sandbox stuff, let me know; I can provide any hooks necessary in HTML to help with this. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 10 November 2011 00:19:26 UTC