W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2012

Re: [whatwg] suggestion limited context

From: Tim Streater <tim@clothears.org.uk>
Date: 08 Jun 2012 10:42 +0100
To: Ian Hickson <ian@hixie.ch>, Andri Sævar Sigríksson <ass57@hi.is>
Message-Id: <20120608094257.111A36DB529@homiemail-mx21.g.dreamhost.com>
Cc: whatwg@whatwg.org
On 07 Jun 2012 at 23:18, Ian Hickson <ian@hixie.ch> wrote: 

> On Thu, 23 Feb 2012, Andri Sævar Sigríksson wrote:
>>
>> i would like to suggest a limited context
>> for embedding JavaScript/html  in a websites

>> i don't think this would be difficult to implement
>> web-browsers  simply  needs to ignore things that would not be allowed

>> i think its every reason to implement this
>> a lot of websites that allow embeding
>> only allow flash or very limit html like img or <a href="url">Link text</a>
>> simply because allowing any more that would subject the website to unwanted
>> manipulation and hacks
>>
>> but with  this limited context would allow websites
>> allow embedding more freely for JavaScript/html without the risk
>
> Does the <iframe sandbox> feature recently added to HTML adequately 
> address your use cases?

I thought iframe sandbox would suit my particular use case (where I receive what purports to be html and have to do some sanitisation before loading it into an iframe) but I still want to be able to click a link in the iframe and have it behave as if the link had target="_blank". Unfortunately there is no attribute for that in sandbox="<attribute-string>".

--
Cheers  --  Tim
Received on Friday, 8 June 2012 09:43:29 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:43 UTC