W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2012

[whatwg] iframe sandbox attribute

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Mon, 26 Mar 2012 16:06:23 -0700
Message-ID: <4F70F66F.8000101@mit.edu>
On 3/26/12 3:19 PM, Ian Hickson wrote:
> Changing it to a string doesn't affect that, though, does it?

Well, changing to a nullable string does affect it because doing 
something like this:

   myFrame.sandbox = myFrame.sandbox;

is a no-op, as by all sane rights it should be....  More importantly,

   myOtherFrame.sandbox = myFrame.sandbox;

doesn't have weird surprising behavior if the attribute is something 
whose value sanely distinguishes between the various possible sandbox 
values.

> We can certainly add an attribute to DOMSettableTokenList (or rather, a
> descendant, for use specifically with iframe.sandbox) that does the same
> as .hasAttribute(), e.g.:
>
>     iframe.sandbox.present
>
> ...or something, if that would help.

Would we also make the attribute readonly, then, and require that it be 
set via the token list?  Otherwise, it seems like the snippets above 
would still have pretty unexpected behavior.  But even then they might, 
since sets of readonly props are just silently ignored.  :(

-Boris
Received on Monday, 26 March 2012 16:06:23 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:40 UTC