W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2012

[whatwg] iframe sandbox attribute

From: Mounir Lamouri <mounir@lamouri.fr>
Date: Mon, 26 Mar 2012 15:13:05 -0700
Message-ID: <4F70E9F1.6000605@lamouri.fr>
On 03/26/2012 02:37 PM, Ian Melven wrote:
> While working on implementing HTML5's iframe sandbox, I realized that in script, one can't
> tell the difference between these two cases : <iframe> and <iframe sandbox = ''>.
> 
> In both cases, iframe.sandbox will be '' (the empty string). This is
> true in Webkit and IE10's implementations, as far as my testing can tell (and
> in my work-in-progress implementation for Firefox also). 

element.hasAttribute('sandbox') should return false for the former case
and true for the later.

> There's also no way to clear sandboxing from an <iframe> without using something along
> the lines of .removeAttribute.

If you want to remove the sandbox attribute, isn't removeAttribute the
best way to do that?

> Due to this and some sentiment expressed by others at Mozilla against PutForwards
> (the HTML5 spec specifies [PutForwards=value] on <iframe>'s sandbox attribute, which is 
> defined as a DOMSettableTokenList), I would like to propose a possible modification
> to the spec : changing <iframe> sandbox to be |string? sandbox| instead of a DOMSettableTokenList.

I do not like [PutForwards=value] but I still believe
DOMSettableTokenList is useful.

Cheers,
--
Mounir
Received on Monday, 26 March 2012 15:13:05 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:40 UTC