[whatwg] Sandboxing ideas

On Mon, 14 May 2007 22:29:57 +0200, Michel Fortin  
<michel.fortin at michelf.com> wrote:

> I was pointing out a solution for the problem of separate HTTP requests  
> on a forum page. Used in conjunction with some previously-suggested  
> security attributes on <iframe>, it could do a pretty good sandbox for  
> use comments on a page.
>
> If you want the sandbox to degrade securely in older browsers, then this  
> is not a solution.

Yes, I want the sandbox to degrade securely, as does any webmaster who  
might be going to allow some user-supplied scripting while relying on  
sandboxing for security. To cover its use cases, this feature must degrade  
securely.

> But I don't think there's a nice solution to that anyway.

This does degrade securely, doesn't require separate HTTP requests, and  
maintains human readability.
http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2005-December/005301.html

However, I admin that it's not quite ?nice? (as in ??sthetics?).


-- 
Alexey Feldgendler <alexey at feldgendler.ru>
[ICQ: 115226275] http://feldgendler.livejournal.com

Received on Monday, 14 May 2007 14:11:20 UTC