[whatwg] Iframe Sandbox Attribute - allow-plugins?

Julian Reschke julian.reschke at gmx.de
Thu Jul 14 01:16:18 PDT 2011

On 2011-07-14 08:22, Jonas Sicking wrote:
> On Wed, Jul 13, 2011 at 9:49 PM, Anne van Kesteren<annevk at opera.com>  wrote:
>> On Wed, 13 Jul 2011 23:13:05 +0200, Julian Reschke<julian.reschke at gmx.de>  wrote:
>>> Yes, but we can *define* the flag in HTML and write down what it means with respect to plugin APIs.
>> It seems much better to wait until it can actually be implemented.
> Especially since it's not at all clear to me that a specific opt-in
> mechanism is at all needed once we have the appropriate plugin APIs
> implemented. And those APIs are needed anyway if we want to allow
> plugins in any form in the sandbox.

"When the attribute is set, the content is treated as being from a 
unique origin, forms and scripts are disabled, links are prevented from 
targeting other browsing contexts, and plugins are disabled."

A browser negotiating something with plugins using that API and enabling 
them despite @sandbox would violate the above requirement, no?

More information about the whatwg mailing list