[whatwg] some thoughts on sandboxed IFRAMEs

Michal Zalewski lcamtuf at coredump.cx
Sun Dec 13 13:51:29 PST 2009


> That seems like a backwards way of proceeding.  Do you have a proposal
> for unification besides the <jail> tag?

The only fundamental objection I have heard against it is the trouble
with XML representation.

The other option is to simply require a traditional CDATA-esque
behavior or a tag parameter - which would place the burden on the
author to filter out / escape a single exact string or a quote, but
would be similar otherwise.

It's obviously less secure - because the token-based approach
actually requires the user to explicitly come up with a token, however
poor it might be, whereas here, there is no way to enforce escaping.
But it's a solution that would not conflict with XML in any way.

From Tab's response, looks like it's being considered, too - @doc +
@seamless. What strikes me as a bit ironic is that this way, we're
overloading IFRAME to become something else entirely, and after
rejecting token-guards, settling for an option that is definitely not
perfect, and in practice, I think, is bound to be less secure.

/mz
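
An added example, not part of the original message: it shows what "the burden on the author to escape a quote" means for the attribute-based option. The attribute name `doc` follows the message's "@doc"; the helper names, the sample comment and the simplified attribute reader are assumptions made for illustration and do not reproduce a browser's HTML parser.

```javascript
// Escape untrusted markup for use inside a double-quoted attribute value.
// "&" is escaped first so the "&" introduced by "&quot;" is not re-escaped.
function escapeForQuotedAttr(untrusted) {
  return untrusted.replace(/&/g, "&amp;").replace(/"/g, "&quot;");
}

// Build the embedding markup; `escape` is whatever the author chose to apply.
// Nothing in the format itself forces the author to pass a real escaper.
function buildFrame(untrusted, escape) {
  return '<iframe sandbox doc="' + escape(untrusted) + '"></iframe>';
}

// Simplified reader (assumption: only &quot; and &amp; entities are used).
// The value ends at the first literal quote; `leftover` is any text that
// ended up in the tag outside the attribute value.
function readDocAttr(markup) {
  const start = markup.indexOf('doc="') + 5;
  const end = markup.indexOf('"', start);
  const raw = markup.slice(start, end);
  const value = raw.replace(/&quot;/g, '"').replace(/&amp;/g, "&");
  const leftover = markup.slice(end + 1, markup.indexOf(">", end));
  return { value, leftover };
}

// Constructed sample: an ordinary user comment that happens to contain quotes.
const comment = 'He said "hi" & left <b>bold</b>';

// Author forgot to escape: the value is cut short and the rest spills
// into the host page's tag, outside the sandboxed content.
const forgotten = readDocAttr(buildFrame(comment, (s) => s));

// Author escaped correctly: the sandboxed document receives the full text.
const escaped = readDocAttr(buildFrame(comment, escapeForQuotedAttr));

console.log("unescaped:", forgotten);
console.log("escaped:  ", escaped);
```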
