- From: Rob Ennals <rje@google.com>
- Date: Thu, 18 Aug 2011 08:49:35 -0700
On Thu, Aug 18, 2011 at 1:53 AM, Anne van Kesteren <annevk at opera.com> wrote: > On Thu, 18 Aug 2011 00:51:39 +0200, Rob Ennals <rje at google.com> wrote: >> >> Thoughts? > > APIs fail with <iframe sandbox>. I don't think sandbox would be a problem. If scripts are disabled with <iframe sandbox> then the page wouldn't run the script that turns everything on. Similarly, if the browser doesn't support the extra APIs, then the script would know that it didn't have clickjacking protection, and would enter a more conservative mode - e.g. opening a new window to do particularly sensitive operations. > > > -- > Anne van Kesteren > http://annevankesteren.nl/ >
Received on Thursday, 18 August 2011 08:49:35 UTC