[whatwg] The <iframe> element and sandboxing ideas
frode at seria.no
Mon Jul 21 15:35:03 PDT 2008
I like the proposal of adding a "seamless" attribute to the iframe element,
though it should perhaps be added using CSS since it applies to styling?
I also want the following:
<span sandbox=1> </span>
This is because a typical Web 2.0 usage is to have a list of comments with a
thumbs up/thumbs down for each message. This requires more fine-grained
control of what is user generated content and what is scripted content.
The problem is 1: that the user can easily write </span> in his comment and
bypass the sandbox and 2: it is not backward compatible.
This is prevented by requiring anything inside a sandbox being entity
<span sandbox=1> </span> </span>
If the browser finds unescaped content inside a sandbox it should refuse to
display the page - thereby forcing the author to fix this immediately.
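
The escaping requirement described in the post, as an added example that is not part of the original message: it shows how a literal `</span>` in a comment ends the sandboxed region early and how entity-escaping keeps the whole comment inside it. The `sandbox` attribute on `<span>` is the post's proposal, not an implemented browser feature; all function names and sample comments are assumptions made for illustration.

```javascript
// Added example; <span sandbox=1> is the proposal from the post, not a feature
// browsers implement. All function names here are hypothetical.

// Entity-escape user text so it cannot contain a literal tag.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Build the comment markup; `escape` selects the escaped or the raw variant.
function renderComment(comment, escape) {
  return '<span sandbox=1>' + (escape ? escapeHtml(comment) : comment) + '</span>';
}

// Model of how a parser would bound the sandbox: it ends at the first </span>.
// Returns the sandboxed text and whatever markup follows it.
function sandboxExtent(html) {
  const open = '<span sandbox=1>';
  const close = '</span>';
  const start = html.indexOf(open);
  if (start === -1) return null;
  const bodyStart = start + open.length;
  const end = html.indexOf(close, bodyStart);
  if (end === -1) return { inside: html.slice(bodyStart), after: '', closed: false };
  return { inside: html.slice(bodyStart, end), after: html.slice(end + close.length), closed: true };
}

// Model of the proposed strict rule: raw '<' or '>' inside the sandbox (or a
// sandbox that never closes) means the page must not be displayed.
function violatesSandboxRule(html) {
  const ext = sandboxExtent(html);
  if (ext === null) return false; // no sandbox on the page
  return !ext.closed || /[<>]/.test(ext.inside);
}

// Constructed sample comments.
const closingComment = 'nice post</span><b>outside the sandbox</b>';
const nestedComment = 'nice <i>post</i>';

for (const c of [closingComment, nestedComment]) {
  for (const escape of [false, true]) {
    const html = renderComment(c, escape);
    console.log({ escape, extent: sandboxExtent(html), rejected: violatesSandboxRule(html) });
  }
}
```

In this model the strict rule flags the raw `<i>` markup, but a comment that supplies its own `</span>` is not flagged, because the parser cannot tell that tag from the author's closing tag; only the escaping step keeps that comment inside the sandbox.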