[whatwg] The <iframe> element and sandboxing ideas
Ian Hickson
ian at hixie.ch
Fri Feb 13 15:11:38 PST 2009
On Sat, 24 May 2008, Ojan Vafai wrote:
>
> So, the whole point of these is defining elements that are isolated from
> their surrounding context on different axes. Same origin iframes
> currently just give you CSS isolation. sandbox affords script isolation.
> seamless affords the ability to turn off the CSS isolation.
>
> Seems to me that we need a third property which controls event
> isolation. Currently events don't propagate in/out of iframes and event
> coordinates are all relative to the iframe's viewport (e.g. on mouse
> events).
>
> My first intuition was that seamless should also just propagate events
> and have mouse coordinate be relative to the parent browsing context.
> But I can think of cases where you would want to control the two
> separately. For example, if you are especially concerned about
> performance and don't want events in the parent browsing context to be
> handled by the iframe's contents.
This is an interesting idea, but I think we should wait until we have more
experience with sandbox="" and seamless="" before adding this feature. I
am wary of adding too much at once.
(We could add it later by having seamless="allow-events" or some such.)
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list