W3C home > Mailing lists > Public > whatwg@whatwg.org > August 2010

[whatwg] Please consider dropping the "sandbox" attribute from the <iframe> element

From: Adam Barth <w3c@adambarth.com>
Date: Sun, 1 Aug 2010 21:31:26 -0700
Message-ID: <AANLkTikeux7kuZfRX2CJsstnj1ahfvmuDY1ZGyaPWDWk@mail.gmail.com>
There's been a lot of security review, both on this list and in the
W3C HTML WG.  I've been meaning to write up a summary of all the
discussion, but I haven't gotten around to it yet.  We ended up
tweaking a few aspects, but generally the design seems solid.


On Sun, Aug 1, 2010 at 6:59 PM, Tantek ?elik <tantek at cs.stanford.edu> wrote:
> Summary: The new 'sandbox' feature on <iframe> should be considered
> for removal. It needs a security review, it will be a lot of work to
> implement properly, and may not actually solve the problem it is
> intending to solve.
> More details here:
> http://wiki.whatwg.org/wiki/Iframe_Sandbox
> I encourage fellow web authors and browser implementers to add their
> opinions/comments to that wiki page.
> Thanks!
> Tantek
> --
> http://tantek.com/ - I made an HTML5 tutorial! http://tantek.com/html5
Received on Sunday, 1 August 2010 21:31:26 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:25 UTC