[whatwg] some thoughts on sandboxed IFRAMEs

Adam Barth whatwg at adambarth.com
Sun Dec 13 14:00:00 PST 2009


On Sun, Dec 13, 2009 at 1:51 PM, Michal Zalewski <lcamtuf at coredump.cx> wrote:
>> That seems like a backwards way of proceeding.  Do you have a proposal
>> for unification besides the <jail> tag?
>
> The only fundamental objection I have heard against it is the trouble
> with XML representation.

How do I use the <jail> tag to sandbox advertisements?

More specifically, here's the use case that I think is easily 10x or a
100x more important than everything else we've discussed in this
thread:

1) A publisher wants to show an advertisement on his or her web page.
2) 60% of the visits to the publisher's web site are running a
vulnerable version of Flash.
3) The publisher does not want a malicious advertisement to install
malware on the user's computer.

The sandbox tag is great at addressing that use case.  I don't see why
we should delay it in the hopes that the <jail> tag comes back to
life.

Adam
