[whatwg] Sandboxing ideas

Alexey Feldgendler alexey at feldgendler.ru
Mon May 14 14:11:20 PDT 2007

Previous message: [whatwg] Sandboxing ideas
Next message: [whatwg] Sandboxing ideas
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 14 May 2007 22:29:57 +0200, Michel Fortin  
<michel.fortin at michelf.com> wrote:

> I was pointing out a solution for the problem of separate HTTP requests  
> on a forum page. Used in conjunction with some previously-suggested  
> security attributes on <iframe>, it could do a pretty good sandbox for  
> use comments on a page.
>
> If you want the sandbox to degrade securely in older browsers, then this  
> is not a solution.

Yes, I want the sandbox to degrade securely, as does any webmaster who  
might be going to allow some user-supplied scripting while relying on  
sandboxing for security. To cover its use cases, this feature must degrade  
securely.

> But I don't think there's a nice solution to that anyway.

This does degrade securely, doesn't require separate HTTP requests, and  
maintains human readability.
http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2005-December/005301.html

However, I admin that it's not quite “nice” (as in “æsthetics”).

-- 
Alexey Feldgendler <alexey at feldgendler.ru>
[ICQ: 115226275] http://feldgendler.livejournal.com

Previous message: [whatwg] Sandboxing ideas
Next message: [whatwg] Sandboxing ideas
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the whatwg mailing list