Re: [w3c/browser-payment-api] Shouldn't HTMLIFrameElement. allowPaymentRequest go into "sandbox"? (#311) from Rouslan Solomakhin on 2016-11-16 (public-webpayments-specs@w3.org from November 2016)

From: Rouslan Solomakhin <notifications@github.com>
Date: Wed, 16 Nov 2016 06:00:23 -0800
To: w3c/browser-payment-api <browser-payment-api@noreply.github.com>
Message-ID: <w3c/browser-payment-api/issues/311/260953332@github.com>

It should not go into `sandbox`, because `sandbox` is for blocking features that are allowed by default. For example, `<iframe>` allows form submission and script execution, but `<iframe sandbox>` does not. We want to disable `PaymentRequest` in `<iframe>` by default, which is more similar to how `allowfullscreen` operates.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/issues/311#issuecomment-260953332

Received on Wednesday, 16 November 2016 14:01:40 UTC