- From: Mason Freed <notifications@github.com>
- Date: Thu, 05 Nov 2020 20:40:27 -0800
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/dom/issues/912/722810930@github.com>
> Re: Document Policy, which is available in Chromium as of M86, and is currently used for the opt-out for scroll-to-text. @clelland thanks for this context - that's very helpful. I can check out the scroll-to-text spec to use as a template for this change. > In general, I'd much rather see features like this defined in terms of Document Policy than Sandbox; sandboxing has some very un-ergonomic properties. Adding this to sandbox means that it is automatically disabled by default in every sandboxed frame; it also means that a developer wanting to disable just this feature would have to use <iframe sandbox> and then specifically re-enable every other sandbox feature. (And keep that list up to date if other sandbox flags are added). > > One question to ask right now is whether frames should be allowed to set this flag independently of their parent frames; sandbox does not allow that, ever -- if disabled in one frame, it is necessarily disabled in all of its subframes. Document policy allows a frame to disable a feature, without necessarily imposing the same restrictions on embedded content. (The spec does include a way to impose restrictions like that on subframes, like sandbox does, but that mode is not shipped yet.) Ok, this sounds promising. I'll take a look at Document Policy for this feature. Side note, it actually sounds like the sandbox feature itself runs afoul of #913 in some way. But I'll leave that as a pure side note for now. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/dom/issues/912#issuecomment-722810930
Received on Friday, 6 November 2020 04:40:42 UTC