- From: Adam Barth <whatwg@adambarth.com>
- Date: Sun, 24 Jan 2010 12:19:10 +0100
On Sun, Jan 24, 2010 at 11:52 AM, Ian Hickson <ian at hixie.ch> wrote:
> On Fri, 11 Dec 2009, Michal Zalewski wrote:
>> 2.1) The ability to disable loading of external resources (images,
>> scripts, etc) in the sandboxed document. The common usage scenario is
>> when you do not want the displayed document to "phone home" for privacy
>> reasons, for example in a web mail system.
>
> Good point. Should we make sandbox="" disable off-origin network requests?

In general, stopping malicious content from exfiltrating data isn't practical. For example, even including a single hyperlink is often sufficient to exfiltrate a large amount of data. In user agents that prefetch DNS, the user doesn't even need to click on the link.

> On Sun, 13 Dec 2009, Adam Barth wrote:
>> I'm very interested in a solution that works for the following use
>> cases:
>>
>> 1) A web page wants to display untrusted (i.e., restricted) HTML
>> received via cross-site XMLHttpRequest or postMessage.
>
> Do you have a concrete use case for which <iframe> doesn't work?

<iframe sandbox srcdoc> might work nicely for this use case, actually, especially because setting srcdoc from the DOM removes the need to escape ".

Adam
Received on Sunday, 24 January 2010 03:19:10 UTC
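
The escaping point in the last paragraph of the message, as an added example that is not part of the original email: untrusted HTML placed in `srcdoc` through a markup string must have `&` and `"` escaped, while assigning `srcdoc` through the DOM passes the string through unmodified. All function names and the sample string are constructed for illustration, and `readSrcdocValue` is a simplified stand-in for an HTML attribute parser.

```javascript
// Added example; helper names and SAMPLE are hypothetical, not from the thread.

// Path 1: srcdoc written into an HTML string. The untrusted markup sits inside
// a double-quoted attribute, so "&" and '"' must be escaped ("&" first).
function escapeSrcdocAttribute(html) {
  return html.replace(/&/g, "&amp;").replace(/"/g, "&quot;");
}

function iframeMarkupEscaped(untrustedHtml) {
  return '<iframe sandbox srcdoc="' + escapeSrcdocAttribute(untrustedHtml) + '"></iframe>';
}

// The mistake the escaping prevents: plain concatenation.
function iframeMarkupNaive(untrustedHtml) {
  return '<iframe sandbox srcdoc="' + untrustedHtml + '"></iframe>';
}

// Simplified model of how a parser reads a double-quoted attribute value:
// stop at the first '"', then decode the two entities used above.
function readSrcdocValue(markup) {
  const start = markup.indexOf('srcdoc="') + 'srcdoc="'.length;
  const raw = markup.slice(start, markup.indexOf('"', start));
  return raw.replace(/&quot;/g, '"').replace(/&amp;/g, "&");
}

// Path 2: srcdoc set through the DOM. No attribute parsing happens, so the
// string needs no escaping. `doc` is a Document (a stub works for testing).
function iframeElement(doc, untrustedHtml) {
  const frame = doc.createElement("iframe");
  frame.setAttribute("sandbox", ""); // empty value: every sandbox restriction applies
  frame.srcdoc = untrustedHtml;
  return frame;
}

// Constructed sample containing both characters that matter.
const SAMPLE = '<p title="note">R&D &quot;quoted&quot;</p>';
```

In a browser, `iframeElement(document, html)` returns a frame ready to append to the page. The sandbox restricts what the framed content can do; as the message notes, it does not stop the content from triggering outbound requests.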