Re: [whatwg] Modifying iframe sandbox attributes from Ian Hickson on 2013-07-24 (public-whatwg-archive@w3.org from July 2013)

From: Ian Hickson <ian@hixie.ch>
Date: Wed, 24 Jul 2013 18:05:53 +0000 (UTC)
To: Tim Streater <tim@clothears.org.uk>
Cc: WhatWG List <whatwg@lists.whatwg.org>
Message-ID: <alpine.DEB.2.00.1307241803320.9685@ps20323.dreamhostps.com>

On Mon, 22 Apr 2013, Tim Streater wrote:
>
> I need to add/remove the allow-scripts attribute to/from an iframe 
> sandbox, since I use one frame for two purposes (sometimes with 
> untrusted content, other times with my own content that uses 
> JavaScript). I've tried the following:
> 
> iframePtr.sandbox = "allow-popups allow-same-origin allow-scripts";
> 
> and:
> 
> iframePtr.sandbox = "allow-popups allow-same-origin";
> 
> This doesn't appear to work in Safari 6.0.4. Is this the right syntax? 
> Is such a possibility even implemented yet.

It should work. Make sure you set them before you navigate the iframe, 
though.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Wednesday, 24 July 2013 18:06:16 UTC