[whatwg] Sandboxing scripts: call for a wider discussion
Ian Hickson
ian at hixie.ch
Sun Jan 22 19:14:02 PST 2006
On Sun, 22 Jan 2006, Alexey Feldgendler wrote:
>
> However, the ideas about sandboxing have been neither accepted nor rejected by
> others on this list, and the proposal didn't make it to WA1 current-work. It's
> a pity that these ideas are getting ignored [...]
Worry not, they're not being ignored. There are hundreds of good ideas
being suggested to this list; all will be examined and responded to before
the spec is finished. Currently the focus is on the parser section.
I agree that sandboxing is very important. There are some big problems
with it -- how to get some level of backwards compatibility without
exposing 99% of users to security risks, how to make it possible to
sandbox arbitrary content (that can't, e.g., do:
document.write("</sandbox>");
...or similar), how to enable all this without requiring multiple global
scope objects, etc.
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list