[whatwg] suggestion limited context

Ian Hickson ian at hixie.ch
Thu Jun 7 15:18:12 PDT 2012


On Thu, 23 Feb 2012, Andri Sævar Sigríksson wrote:
>
> i would like to suggest a limited context
> for embedding JavaScript/html  in a websites
> 
> i would suggest having few sets of  profiles
> 
> and maybe user/website-designer defined
> 
> the syntax may be something like this
> 
> limited
> {
> 
> ////code
> 
> }
> 
> i don't think this would be difficult to implement
> web-browsers  simply  needs to ignore things that would not be allowed
> 
> example
> 
> limited
> {
> <script>
> alert("Hello! I am an alert box!");
> </script>
> 
> <canvas id="example" width="200" height="200">
> 
> }
> 
> in this instance the web-browser  would ignore alert
> 
> 
> i think its every reason to implement this
> a lot of websites that allow embeding
> only allow flash or very limit html like img or <a href="url">Link text</a>
> simply because allowing any more that would subject the website to unwanted
> manipulation and hacks
> 
> but with  this limited context would allow websites
> allow embedding more freely for JavaScript/html without the risk

Does the <iframe sandbox> feature recently added to HTML adequately 
address your use cases?

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'


More information about the whatwg mailing list