[whatwg] Please consider dropping the "sandbox" attribute from the <iframe> element
Ian Hickson
ian at hixie.ch
Wed Aug 25 12:19:35 PDT 2010
On Sun, 1 Aug 2010, Tantek Ã~Gelik wrote:
>
> In speaking with fellow developers at Mozilla, I've collected the
> following feedback:
> The sandbox feature and functionality needs a thorough security review.
I encourage browser vendors to perform thorough security reviews of
_anything_ they implement.
> It will be a lot of work to implement properly.
This is possible, yes. There exists at least one implementation already,
though, so it does not seem to be excessive work.
> It may not actually solve the problem it is intending to solve.
Could you elaborate on this?
I haven't removed the feature, since it has solid use cases and
implementations have begun.
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list