[whatwg] Sandboxing ideas
Jon Barnett
jonbarnett at gmail.com
Mon May 14 13:02:42 PDT 2007
On 5/14/07, Michel Fortin <michel.fortin at michelf.com> wrote:
>
> Le 2007-05-14 à 11:35, Alexey Feldgendler a écrit :
>
> > I'd treat these two problems as equally important. A separate HTTP
> > request per forum comment on the page is completely unacceptable.
>
> What about encoding the content of each comment iframe in a "data:" URI?
The contents of an iframe with a data: URI source should be trusted, unlike
an iframe with an http: URI source from another domain. A script in an
iframe with a data: URI source should, by default, be able to communicate
with the parent window. So, that alone doesn't solve the problem.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20070514/1f0a2a14/attachment-0001.htm>
More information about the whatwg
mailing list