- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 7 Jun 2012 22:18:12 +0000 (UTC)
- To: Andri Sævar Sigríksson <ass57@hi.is>
- Cc: whatwg@whatwg.org
- Message-ID: <Pine.LNX.4.64.1206072217500.378@ps20323.dreamhostps.com>
On Thu, 23 Feb 2012, Andri Sævar Sigríksson wrote: > > i would like to suggest a limited context > for embedding JavaScript/html in a websites > > i would suggest having few sets of profiles > > and maybe user/website-designer defined > > the syntax may be something like this > > limited > { > > ////code > > } > > i don't think this would be difficult to implement > web-browsers simply needs to ignore things that would not be allowed > > example > > limited > { > <script> > alert("Hello! I am an alert box!"); > </script> > > <canvas id="example" width="200" height="200"> > > } > > in this instance the web-browser would ignore alert > > > i think its every reason to implement this > a lot of websites that allow embeding > only allow flash or very limit html like img or <a href="url">Link text</a> > simply because allowing any more that would subject the website to unwanted > manipulation and hacks > > but with this limited context would allow websites > allow embedding more freely for JavaScript/html without the risk Does the <iframe sandbox> feature recently added to HTML adequately address your use cases? -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 7 June 2012 22:18:41 UTC