[whatwg] Why won't you let us make our own HTML5 browsers?
fredandw at live.com
Wed Aug 29 07:15:16 PDT 2012
> From: bhawkeslewis at googlemail.com
> Date: Wed, 29 Aug 2012 08:34:47 +0100
> browser and document object models exposed to JS. HTML does now offer
> improved sandboxing (see the sandbox attribute on iframe). But see
> also http://www.adsafe.org/ for some more ideas about sandboxing JS.
Interesting perspective, thanks.
The privacy of a mashup seems easier to solve as it need not
modify the source document and could just sandbox the source websites
leaving them unmodified and consuming the content to build a new page to
present. Some of the iframe extensions go some way to solving
the privacy of mashups and I see a path to improving it further.
Access to the DOM does cause a big privacy leakage. Some popular
privacy and safety add-ons for Firefox modify the DOM and even place
their UI within the DOM making their presence and some of their state
visible to websites. For example Ghostery seems to do this and this
appears to allow a website to detect the add-on and even to see the list
of blocked sites. The Ghostery UI should be moved to the Chrome
context, but some of these add-ons still need to modify the document and
while these modifications are visible there remains privacy leakage. Can a
solution be found to make the operation of these add-ons a
> > For example a lot could be done with data-flow computations.
> Are you talking about something like the "calculate" property from XForms?
> > This could implement equations for layout,
> Layout deficiencies are best addressed by adding CSS features, no?
Yes, but fluid layout could use some calculations and is it likely that declarative calculations would ever be added to CSS?
More information about the whatwg