[whatwg] Please consider dropping the "sandbox" attribute from the <iframe> element

Ian Hickson ian at hixie.ch
Wed Aug 25 12:19:35 PDT 2010


On Sun, 1 Aug 2010, Tantek Ã~Gelik wrote:
>
> In speaking with fellow developers at Mozilla, I've collected the 
> following feedback:
> The sandbox feature and functionality needs a thorough security review.

I encourage browser vendors to perform thorough security reviews of 
_anything_ they implement.


> It will be a lot of work to implement properly.

This is possible, yes. There exists at least one implementation already, 
though, so it does not seem to be excessive work.


> It may not actually solve the problem it is intending to solve.

Could you elaborate on this?


I haven't removed the feature, since it has solid use cases and 
implementations have begun.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'


More information about the whatwg mailing list