- From: Tim Streater <tim@clothears.org.uk>
- Date: 08 Jun 2012 10:42 +0100
- To: Ian Hickson <ian@hixie.ch>, Andri Sævar Sigríksson <ass57@hi.is>
- Cc: whatwg@whatwg.org
- Message-Id: <20120608094257.111A36DB529@homiemail-mx21.g.dreamhost.com>
On 07 Jun 2012 at 23:18, Ian Hickson <ian@hixie.ch> wrote: > On Thu, 23 Feb 2012, Andri Sævar Sigríksson wrote: >> >> i would like to suggest a limited context >> for embedding JavaScript/html in a websites >> i don't think this would be difficult to implement >> web-browsers simply needs to ignore things that would not be allowed >> i think its every reason to implement this >> a lot of websites that allow embeding >> only allow flash or very limit html like img or <a href="url">Link text</a> >> simply because allowing any more that would subject the website to unwanted >> manipulation and hacks >> >> but with this limited context would allow websites >> allow embedding more freely for JavaScript/html without the risk > > Does the <iframe sandbox> feature recently added to HTML adequately > address your use cases? I thought iframe sandbox would suit my particular use case (where I receive what purports to be html and have to do some sanitisation before loading it into an iframe) but I still want to be able to click a link in the iframe and have it behave as if the link had target="_blank". Unfortunately there is no attribute for that in sandbox="<attribute-string>". -- Cheers -- Tim
Received on Friday, 8 June 2012 09:43:29 UTC