- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 17 Jun 2008 13:50:57 +0200
On Tue, 17 Jun 2008 06:09:55 +0200, Frode B?rli <frode at seria.no> wrote: > Hi! I am a new member of this mailing list, and I wish to contribute > with a couple of specific requirements that I believe should be > discussed and > perhaps implemented in the final specification. I am unsure if this is > the correct place to post my ideas (or if my ideas are even new), but if > it is not, then I am sure somebody will instruct me. :) One person told > me that > the specification was finished and no new features would be added from > now on - but hopefully that is not true. That is actually true. However, sandboxing has been proposed in the past and is therefore still considered in scope. (Unless of course we decide it's out of scope, but given the sandboxing features already in the specification, I expect that to be not the case.) > One solution: > > <htmlarea>User generated content</htmlarea> As you note this solution has significant issues. Besides inserting </htmlarea> it would also allow execution of scripts in legacy user agents and is therefore not really backwards compatible. I believe the idea to deal with this is to add another attribute to <iframe>, besides sandbox="" and seamless="" we already have for sandboxing. This attribute, doc="", would take a string of markup where you would only need to escape the quotation character used (so either ' or "). The fallback for legacy user agents would be the src="" attribute. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Tuesday, 17 June 2008 04:50:57 UTC