[whatwg] some thoughts on sandboxed IFRAMEs
Adam Barth
whatwg at adambarth.com
Sun Dec 13 14:00:00 PST 2009
On Sun, Dec 13, 2009 at 1:51 PM, Michal Zalewski <lcamtuf at coredump.cx> wrote:
>> That seems like a backwards way of proceeding. Do you have a proposal
>> for unification besides the <jail> tag?
>
> The only fundamental objection I have heard against it is the trouble
> with XML representation.
How do I use the <jail> tag to sandbox advertisements?
More specifically, here's the use case that I think is easy 10x or a
100x more important than everything else we've discussed in this
thread:
1) A publisher wants to show an advertisement on his or her web page.
2) 60% of the visits to the publishers web site are running a
vulnerable version of Flash.
3) The publisher does not want a malicious advertisement to install
malware on the user's computer.
The sandbox tag is great at addressing that use case. I don't see why
we should delay it in the hopes that the <jail> tag comes back to
life.
Adam
More information about the whatwg
mailing list