Re: Time to work on a Rec track JS sandbox? was: CSP and innerHTML

From: Eduardo' Vela <evn@google.com>
Date: Thu, 2 May 2013 11:15:41 -0700
Message-ID: <CAFswPa8b-S0vcJEFGV9oSLJyZv1_ytfg1kyWgP+-MbPBcGLatg@mail.gmail.com>
To: "Hill, Brad" <bhill@paypal-inc.com>
Cc: "Carson, Cory" <Cory.Carson@boeing.com>, Ian Melven <imelven@mozilla.com>, WebAppSec WG <public-webappsec@w3.org>

An API that allows us to play with the DOM in a programmatic way (CSP is a
directive, for example, it would be nice if there was a way to be asked if
doing X is OK).

   - This seems similar to clearing the DOM and doing a bunch of
   document.register calls. Maybe we can have a way of saying
   document.open('text/html', null) to get a document without any registered
   DOM elements?
   - One could possibly achieve this with XML and document.register maybe?

Received on Thursday, 2 May 2013 18:16:28 UTC