- From: Andrew Fedoniouk <news@terrainformatica.com>
- Date: Wed, 21 May 2008 16:45:32 -0700
- To: Ian Hickson <ian@hixie.ch>
- CC: whatwg <whatwg@whatwg.org>, HTMLWG <public-html@w3.org>, public-webapi@w3.org
Ian Hickson wrote:
>
> Summary:
>
> * I've added a sandbox="" attribute to <iframe>, which by default
> disables a number of features and takes a space-separated list of
> features to re-enable:
>
...
Makes sense, Ian.
Additionally to this, what about adding <meta> tag that disables or
limits features of the page if it is running inside <frame> or <iframe>?
Say something like this:
<html>
<head>
<meta name="allowed-context" value="standalone-only" />
</head>
...
</html>
That may prevent some types of malicious uses.
--
Andrew Fedoniouk.
http://terrainformatica.com
Received on Wednesday, 21 May 2008 23:44:15 UTC