[whatwg] Sandboxing ideas
jonbarnett at gmail.com
Tue May 15 14:37:37 PDT 2007
On 5/15/07, Kristof Zelechovski <giecrilj at stegny.2a.pl> wrote:
> The OP probably meant that maintaining so many contexts would cause a
> comparable deterioration in performance. All user comments should be put
> one security context.
> With all comments grouped together in such a manner, you could even use an
> inline frame.
I really think comments are a bad use case. Why would someone allow scripts
in comments in any context, much less a sandboxed one?
The best use case I have thought of so far is MySpace et. al., a site where
users have their own page with limited permission in the context of the
overall site. MySpace solves this by not allowing scripts at all, as most
such web sites do. If possible, such sites might allow a user to insert
widget scripts with limited permissions. For this use case, iframe isn't
ideal, either, but limited scripting and styling are desired.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the whatwg