- From: Anne van Kesteren <annevk@opera.com>
- Date: Fri, 12 Jan 2007 22:14:44 +0100
On Fri, 12 Jan 2007 22:09:40 +0100, Asbj?rn Ulsberg <asbjorn at tigerstaden.no> wrote: >> Use an <iframe> and use cross-document messaging? This has been >> discussed a lot by the way. > > Frames are a terrible solution. The content is after all a part of the > page it's hosted in, but we want to sandbox it to make sure it can't do > any harm. The proposed alternative is severely underdefined and won't work for the foreseeable future anyway. > Let's say we'd like to sandbox anonymous user-contributed comments on a > blog, but not comments from logged in users. That would require all > anonymous comments to be placed within an iframe. For 100 anonymous > comments, that's 100 iframes on a single web page. Don't tell me that's > an elegant solution. Why wouldn't have you have comment sanitization? Nope that you could use data: URIs on the <iframe>s. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Friday, 12 January 2007 13:14:44 UTC