[whatwg] some thoughts on sandboxed IFRAMEs
ian at hixie.ch
Sun Jan 24 03:24:53 PST 2010
On Sun, 24 Jan 2010, Adam Barth wrote:
> On Sun, Jan 24, 2010 at 11:52 AM, Ian Hickson <ian at hixie.ch> wrote:
> > On Fri, 11 Dec 2009, Michal Zalewski wrote:
> >> 2.1) The ability to disable loading of external resources (images,
> >> scripts, etc) in the sandboxed document. The common usage scenario is
> >> when you do not want the displayed document to "phone home" for
> >> privacy reasons, for example in a web mail system.
> > Good point. Should we make sandbox="" disable off-origin network
> > requests?
> In general, stopping malicious content from exfiltrating data isn't
> practical. For example, even including a single hyperlink is often
> sufficient to exfiltrate a large amount of data. In user agents that
> prefetch DNS, the user doesn't even need to click on the link.
Ok. Then I won't add it.
> > On Sun, 13 Dec 2009, Adam Barth wrote:
> >> I'm very interested in a solution that works for the following use
> >> cases:
> >> 1) A web page wants to display untrusted (i.e., restricted) HTML
> >> received via cross-site XMLHttpRequest or postMessage.
> > Do you have a concrete use case for which <iframe> doesn't work?
> <iframe sandbox srcdoc> might work nicely for this use case, actually,
> especially because setting srcdoc from the DOM removes the need to
> escape ".
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg