W3C home > Mailing lists > Public > whatwg@whatwg.org > February 2009

[whatwg] The <iframe> element and sandboxing ideas

From: Ian Hickson <ian@hixie.ch>
Date: Fri, 13 Feb 2009 23:11:38 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0902132310030.28232@hixie.dreamhostps.com>
On Sat, 24 May 2008, Ojan Vafai wrote:
> So, the whole point of these is defining elements that are isolated from 
> their surrounding context on different axes. Same origin iframes 
> currently just give you CSS isolation. sandbox affords script isolation. 
> seamless affords the ability to turn off the CSS isolation.
> Seems to me that we need a third property which controls event 
> isolation. Currently events don't propagate in/out of iframes and event 
> coordinates are all relative to the iframe's viewport (e.g. on mouse 
> events).
> My first intuition was that seamless should also just propagate events 
> and have mouse coordinate be relative to the parent browsing context. 
> But I can think of cases where you would want to control the two 
> separately. For example, if you are especially concerned about 
> performance and don't want events in the parent browsing context to be 
> handled by the iframe's contents.

This is an interesting idea, but I think we should wait until we have more 
experience with sandbox="" and seamless="" before adding this feature. I 
am wary of adding too much at once.

(We could add it later by having seamless="allow-events" or some such.)

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 13 February 2009 15:11:38 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:09 UTC