W3C home > Mailing lists > Public > whatwg@whatwg.org > August 2010

[whatwg] @srcdoc and default @sandbox

From: Tab Atkins Jr. <jackalmage@gmail.com>
Date: Tue, 31 Aug 2010 15:39:08 -0700
Message-ID: <AANLkTimRUvXA-CXGf586XF94GdFWDSwP=bYBDZtiQk7g@mail.gmail.com>
2010/8/31 Kornel Lesi?ski <kornel at geekhood.net>:
> On Mon, 30 Aug 2010 23:13:04 +0100, Justin Schuh <jschuh at chromium.org>
> wrote:
>>> At least as currently drafted, srcdoc is not a security feature. It's a
>>> convenience feature. It is also designed to work well in tandem with a
>>> particular security feature (sandbox). But by itself, it is not a security
>>> feature.
>>
>> Data URLs already provide this.
>
> What about existing UAs that implement data: URIs, but not sandbox?

What about them?

(Remember, the context of the "use data urls" suggestion was to solve
the minority use-case of wanting to fill an <iframe> without a network
request, without triggering sandboxing.)

~TJ
Received on Tuesday, 31 August 2010 15:39:08 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:26 UTC