- From: Jon Barnett <jonbarnett@gmail.com>
- Date: Tue, 15 May 2007 16:37:37 -0500
On 5/15/07, Kristof Zelechovski <giecrilj at stegny.2a.pl> wrote: > > The OP probably meant that maintaining so many contexts would cause a > comparable deterioration in performance. All user comments should be put > in > one security context. > With all comments grouped together in such a manner, you could even use an > inline frame. > Chris I really think comments are a bad use case. Why would someone allow scripts in comments in any context, much less a sandboxed one? The best use case I have thought of so far is MySpace et. al., a site where users have their own page with limited permission in the context of the overall site. MySpace solves this by not allowing scripts at all, as most such web sites do. If possible, such sites might allow a user to insert widget scripts with limited permissions. For this use case, iframe isn't ideal, either, but limited scripting and styling are desired. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20070515/41a62c5c/attachment.htm>
Received on Tuesday, 15 May 2007 14:37:37 UTC