- From: Robert O'Callahan <robert@ocallahan.org>
- Date: Wed, 6 May 2009 14:04:42 -0700
On Wed, May 6, 2009 at 9:56 AM, Philip Taylor
<excors+whatwg at gmail.com<excors%2Bwhatwg at gmail.com>
> wrote:
> Could <iframe sandbox> work as a workaround?
>
> var iframe = document.createElement('iframe');
> iframe.sandbox = ''; // (um, I hope this is right? I'm guessing
> any non-null/undefined value enables sandboxing, or something)
> iframe.seamless = true;
> iframe.src = 'data:text/html,'+encodeURIComponent(tweet);
> document.getElementById('whatwg_tweet').appendChild(iframe);
>
Seamless sandboxed IFRAMEs are probably harder to implement, probably
heavier-weight, and won't work in all situations, such as if you want to get
safe inline content or want to safely manipulate the content before
displaying it.
Rob
--
"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
53:5-6]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090506/b2d8ff88/attachment.htm>
Received on Wednesday, 6 May 2009 14:04:42 UTC