[whatwg] The <iframe> element and sandboxing ideas
Frode Børli
frode at seria.no
Mon Jul 21 15:35:03 PDT 2008
I like the proposal of adding a "seamless" attribute to the iframe element,
though it should perhaps be added using CSS since it applies to styling?
I also want the following:
<span sandbox=1> </span>
This is because a typical Web 2.0 usage is to have a list of comments with a
thumbs up/thumbs down for each message. This requires more fine grained
control of what is user generated content and what is scripted content.
The problem is 1: that the user can easily write </span> in his comment and
bypass the sandbox and 2: it is not backward compatible.
This is prevented by requiring anything inside a sandbox being entity
escaped:
<span sandbox=1> </span> </span>
If the browser finds unescaped content inside a sandbox it should refuse to
display the page - thereby forcing the author to fix this immediately.
Any comments?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20080722/8b1ac810/attachment-0001.htm>
More information about the whatwg
mailing list