[whatwg] Sandboxing scripts: call for a wider discussion

On Sun, 22 Jan 2006, Alexey Feldgendler wrote:
> 
> However, the ideas about sandboxing have been neither accepted nor rejected by
> others on this list, and the proposal didn't make it to WA1 current-work. It's
> a pity that these ideas are getting ignored [...]

Worry not, they're not being ignored. There are hundreds of good ideas 
being suggested to this list; all will be examined and responded to before 
the spec is finished. Currently the focus is on the parser section.

I agree that sandboxing is very important. There are some big problems 
with it -- how to get some level of backwards compatibility without 
exposing 99% of users to security risks, how to make it possible to 
sandbox arbitrary content (that can't, e.g., do:

   document.write("</sandbox>");

...or similar), how to enable all this without requiring multiple global 
scope objects, etc.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Sunday, 22 January 2006 19:14:02 UTC