<div dir="ltr"><div>I like the proposal of adding a "seamless" attribute to the iframe element, though it should perhaps be added using CSS since it applies to styling?</div>
<div> </div>
<div>I also want the following:</div>
<div> </div>
<div>&lt;span sandbox=1&gt; &lt;/span&gt;</div>
<div> </div>
<div>This is because a typical Web 2.0 usage is to have a list of comments with a thumbs up/thumbs down for each message. This requires more fine-grained control of what is user generated content and what is scripted content.</div>
<div> </div>
<div>The problem is 1: that the user can easily write &lt;/span&gt; in his comment and bypass the sandbox and 2: it is not backward compatible. </div>
<div> </div>
<div>This is prevented by requiring anything inside a sandbox to be entity escaped:</div>
<div> </div>
<div>&lt;span sandbox=1&gt; &amp;lt;/span&amp;gt; &lt;/span&gt;</div>
<div> </div>
<div>If the browser finds unescaped content inside a sandbox it should refuse to display the page - thereby forcing the author to fix this immediately.</div>
<div> </div>
<div>Any comments?</div></div>