- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 7 Jun 2012 22:18:12 +0000 (UTC)
- To: Andri Sævar Sigríksson <ass57@hi.is>
- Cc: whatwg@whatwg.org
- Message-ID: <Pine.LNX.4.64.1206072217500.378@ps20323.dreamhostps.com>
On Thu, 23 Feb 2012, Andri Sævar Sigríksson wrote:
>
> i would like to suggest a limited context
> for embedding JavaScript/html in a websites
>
> i would suggest having few sets of profiles
>
> and maybe user/website-designer defined
>
> the syntax may be something like this
>
> limited
> {
>
> ////code
>
> }
>
> i don't think this would be difficult to implement
> web-browsers simply needs to ignore things that would not be allowed
>
> example
>
> limited
> {
> <script>
> alert("Hello! I am an alert box!");
> </script>
>
> <canvas id="example" width="200" height="200">
>
> }
>
> in this instance the web-browser would ignore alert
>
>
> i think its every reason to implement this
> a lot of websites that allow embeding
> only allow flash or very limit html like img or <a href="url">Link text</a>
> simply because allowing any more that would subject the website to unwanted
> manipulation and hacks
>
> but with this limited context would allow websites
> allow embedding more freely for JavaScript/html without the risk
Does the <iframe sandbox> feature recently added to HTML adequately
address your use cases?
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 7 June 2012 22:18:41 UTC