Re: Understanding the security model for the sandbox directive

On Wed, 9 Nov 2011, Adam Barth wrote:
> The issue is that an attacker can load the document in a frame that 
> lacks the sandbox attribute.  The server hosting the content wishes for 
> it to be sandboxed whenever possible.

That makes sense.

If you need any help linking CSP to the sandbox stuff, let me know; I can 
provide any hooks necessary in HTML to help with this.

Ian Hickson               U+1047E                )\._.,--....,'``.    fL       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Thursday, 10 November 2011 00:19:26 UTC