W3C home > Mailing lists > Public > whatwg@whatwg.org > August 2010

[whatwg] Please consider dropping the "sandbox" attribute from the <iframe> element

From: Ian Hickson <ian@hixie.ch>
Date: Wed, 25 Aug 2010 19:19:35 +0000 (UTC)
Message-ID: <Pine.LNX.4.64.1008251916290.1138@ps20323.dreamhostps.com>
On Sun, 1 Aug 2010, Tantek ?~Gelik wrote:
> In speaking with fellow developers at Mozilla, I've collected the 
> following feedback:
> The sandbox feature and functionality needs a thorough security review.

I encourage browser vendors to perform thorough security reviews of 
_anything_ they implement.

> It will be a lot of work to implement properly.

This is possible, yes. There exists at least one implementation already, 
though, so it does not seem to be excessive work.

> It may not actually solve the problem it is intending to solve.

Could you elaborate on this?

I haven't removed the feature, since it has solid use cases and 
implementations have begun.

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 25 August 2010 12:19:35 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:26 UTC