- From: Mounir Lamouri <mounir@lamouri.fr>
- Date: Mon, 26 Mar 2012 15:13:05 -0700
On 03/26/2012 02:37 PM, Ian Melven wrote:
> While working on implementing HTML5's iframe sandbox, I realized that in script, one can't
> tell the difference between these two cases : <iframe> and <iframe sandbox = ''>.
>
> In both cases, iframe.sandbox will be '' (the empty string). This is
> true in Webkit and IE10's implementations, as far as my testing can tell (and
> in my work-in-progress implementation for Firefox also).
element.hasAttribute('sandbox') should return false for the former case
and true for the later.
> There's also no way to clear sandboxing from an <iframe> without using something along
> the lines of .removeAttribute.
If you want to remove the sandbox attribute, isn't removeAttribute the
best way to do that?
> Due to this and some sentiment expressed by others at Mozilla against PutForwards
> (the HTML5 spec specifies [PutForwards=value] on <iframe>'s sandbox attribute, which is
> defined as a DOMSettableTokenList), I would like to propose a possible modification
> to the spec : changing <iframe> sandbox to be |string? sandbox| instead of a DOMSettableTokenList.
I do not like [PutForwards=value] but I still believe
DOMSettableTokenList is useful.
Cheers,
--
Mounir
Received on Monday, 26 March 2012 15:13:05 UTC