W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2012

Re: [whatwg] suggestion limited context

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 7 Jun 2012 22:18:12 +0000 (UTC)
To: Andri Sævar Sigríksson <ass57@hi.is>
Message-ID: <Pine.LNX.4.64.1206072217500.378@ps20323.dreamhostps.com>
Cc: whatwg@whatwg.org
On Thu, 23 Feb 2012, Andri Sævar Sigríksson wrote:
>
> i would like to suggest a limited context
> for embedding JavaScript/html  in a websites
> 
> i would suggest having few sets of  profiles
> 
> and maybe user/website-designer defined
> 
> the syntax may be something like this
> 
> limited
> {
> 
> ////code
> 
> }
> 
> i don't think this would be difficult to implement
> web-browsers  simply  needs to ignore things that would not be allowed
> 
> example
> 
> limited
> {
> <script>
> alert("Hello! I am an alert box!");
> </script>
> 
> <canvas id="example" width="200" height="200">
> 
> }
> 
> in this instance the web-browser  would ignore alert
> 
> 
> i think its every reason to implement this
> a lot of websites that allow embeding
> only allow flash or very limit html like img or <a href="url">Link text</a>
> simply because allowing any more that would subject the website to unwanted
> manipulation and hacks
> 
> but with  this limited context would allow websites
> allow embedding more freely for JavaScript/html without the risk

Does the <iframe sandbox> feature recently added to HTML adequately 
address your use cases?

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 7 June 2012 22:18:41 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:43 UTC