- From: Michel Fortin <michel.fortin@michelf.com>
- Date: Mon, 14 May 2007 16:29:57 -0400
Le 2007-05-14 ? 16:02, Jon Barnett a ?crit : > On 5/14/07, Michel Fortin <michel.fortin at michelf.com> wrote: > Le 2007-05-14 ? 11:35, Alexey Feldgendler a ?crit : > > > I'd treat these two problems as equally important. A separate HTTP > > request per forum comment on the page is completely unacceptable. > > What about encoding the content of each comment iframe in a "data:" > URI? > > The contents of an iframe with a data: URI source should be > trusted, unlike an iframe with an http: URI source from another > domain. A script in an iframe with a data: URI source should, by > default, be able to communicate with the parent window. So, that > alone doesn't solve the problem. I was pointing out a solution for the problem of separate HTTP requests on a forum page. Used in conjunction with some previously- suggested security attributes on <iframe>, it could do a pretty good sandbox for use comments on a page. If you want the sandbox to degrade securely in older browsers, then this is not a solution. But I don't think there's a nice solution to that anyway. Michel Fortin michel.fortin at michelf.com http://www.michelf.com/
Received on Monday, 14 May 2007 13:29:57 UTC