[whatwg] @srcdoc and default @sandbox
Kornel Lesiński
kornel at geekhood.net
Tue Aug 31 13:15:27 PDT 2010
On Mon, 30 Aug 2010 23:13:04 +0100, Justin Schuh <jschuh at chromium.org>
wrote:
>> At least as currently drafted, srcdoc is not a security feature. It's a
>> convenience feature. It is also designed to work well in tandem with a
>> particular security feature (sandbox). But by itself, it is not a
>> security feature.
>
> Data URLs already provide this.
What about existing UAs that implement data: URIs, but not sandbox?
--
regards, Kornel
More information about the whatwg
mailing list