- From: Ian Hickson <ian@hixie.ch>
- Date: Sat, 21 Aug 2010 04:45:07 +0000 (UTC)
On Sat, 21 Aug 2010, Robert O'Callahan wrote: > On Sat, Aug 21, 2010 at 8:24 AM, Ian Hickson <ian at hixie.ch> wrote: > > > > One comment: Rather than adding an "allowfullscreen" attribute on > > <iframe>, I would suggest just assuing that sandboxed content (i.e. > > content of iframes with the sandbox="" attribute) can't go fullscreen. > > I can provide a sandbox flag for this state. If we think there are use > > cases for allowing sandboxed iframes to go fullscreen, then I can also > > add a keyword that turns off the flag when present (like > > "allow-scripts" does for scripts). (I'm assuming there are no cases > > for disabling fullscreen for unsandboxed iframes; are there?) > > What about legacy content that doesn't use "sandbox"? It might expect > cross-origin IFRAMEs to not be able to take over its window, but if the > IFRAME content goes fullscreen, it effectively can. > > I think allowing subframes to go fullscreen should always be opt-in. You're completely right, sorry. I had this backwards. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 20 August 2010 21:45:07 UTC