[whatwg] @srcdoc and default @sandbox

Maciej Stachowiak mjs at apple.com
Mon Aug 30 13:57:47 PDT 2010


On Aug 30, 2010, at 11:27 AM, Justin Schuh wrote:

> On Mon, Aug 30, 2010 at 10:18 AM, Maciej Stachowiak <mjs at apple.com> wrote:
>> 
>> I think it's better to let these remain orthogonal features. In general I think it is a net negative to usability when Feature A implicitly turns on Feature B. Implicit relationships like this make the Web platform more confusing.
> 
> Security features are typically effective only when deployed in
> concert and when they default to their most restrictive state. As I
> understand, srcdoc is intended primarily as a security feature
> (because non-security use cases already have solutions). So, srcdoc
> should behave like a well-spec'd security feature and provide it's
> strongest level of protection by default, requiring the author to
> scale it back if needed. Otherwise we'll end up with common vulnerable
> cases because many people will expect secure default behavior,
> regardless of whether or not we spec it.

At least as currently drafted, srcdoc is not a security feature. It's a convenience feature. It is also designed to work well in tandem with a particular security feature (sandbox). But by itself, it is not a security feature.

Regards,
Maciej



More information about the whatwg mailing list