Re: iframe sandbox for third-party widgets and ads (was Re: [CSP] Clarifications on nonces) from Jim Manico on 2015-02-09 (public-webappsec@w3.org from February 2015)

From: Jim Manico <jim.manico@owasp.org>
Date: Mon, 9 Feb 2015 13:27:07 +0100
To: Mike West <mkwst@google.com>
Cc: Brian Smith <brian@briansmith.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <6868426390256313552@unknownmsgid>

> It would be great
to hear from you and others about why it is unrealistic now.

If you want to get premium-level compensation from some ad providers
then you need to give them full DOM access.  This "goes away" in a
world where ads are fully sandboxed or not allowed DOM access.

I am just wondering is the end game to shut this down or perhaps
provide a more flexible sandbox? I am hoping a flexible sandbox is the
end game.

If there is a configurable ad-friendly web standard for DOM accessible
advertising, please point me in the direction.

Aloha,
--
Jim Manico
@Manicode
(808) 652-3805

> On Feb 9, 2015, at 12:55 PM, Mike West <mkwst@google.com> wrote:
>
> It would be great
> to hear from you and others about why it is unrealistic now.

Received on Monday, 9 February 2015 12:27:36 UTC