W3C home > Mailing lists > Public > whatwg@whatwg.org > April 2013

Re: [whatwg] Modifying iframe sandbox attributes

From: Ian Melven <imelven@mozilla.com>
Date: Tue, 23 Apr 2013 10:18:29 -0700 (PDT)
To: Tim Streater <tim@clothears.org.uk>
Message-ID: <2139223482.12080061.1366737508999.JavaMail.root@mozilla.com>
Cc: WhatWG List <whatwg@lists.whatwg.org>

see http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#attr-iframe-sandbox

specifically "These flags only take effect when the nested browsing context of the iframe is navigated. Removing them, or removing the entire sandbox attribute, has no effect on an already-loaded page."

you need to navigate the sandboxed iframe for the new flags to take effect. 

thanks,
ian


----- Original Message -----
From: "Tim Streater" <tim@clothears.org.uk>
To: "WhatWG List" <whatwg@lists.whatwg.org>
Sent: Monday, April 22, 2013 10:26:00 AM
Subject: [whatwg] Modifying iframe sandbox attributes

I need to add/remove the allow-scripts attribute to/from an iframe sandbox, since I use one frame for two purposes (sometimes with untrusted content, other times with my own content that uses JavaScript). I've tried the following:

iframePtr.sandbox = "allow-popups allow-same-origin allow-scripts";

and:

iframePtr.sandbox = "allow-popups allow-same-origin";

This doesn't appear to work in Safari 6.0.4. Is this the right syntax? Is such a possibility even implemented yet.

--
Cheers  --  Tim
Received on Tuesday, 23 April 2013 17:18:57 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:57 UTC