[whatwg] iframe sandbox attribute

Ian Hickson ian at hixie.ch
Tue Jul 10 09:27:36 PDT 2012


On Mon, 9 Jul 2012, Boris Zbarsky wrote:
> On 7/9/12 8:39 PM, Ian Hickson wrote:
> > Surely that's going to set the attribute regardless of whether the 
> > attribute is nullable or whatnot.
> 
> Well, that depends on how reflecting "DOMString?" attributes are 
> defined. Making setting null call removeAttribute would work much like 
> boolean attributes work.

That's an interesting idea, but it seems to me to be a bit late to be 
making such a fundamental change to the HTML DOM API. I mean, so far no 
attributes work that way (except in WebKit, apparently?); boolean 
attributes are the only ones where there's any way to remove the attribute 
by setting a value, more or less. It's not the first attribute where the 
empty string means something different than the attribute being omitted.


> > > More importantly,
> > > 
> > >    myOtherFrame.sandbox = myFrame.sandbox;
> > > 
> > > doesn't have weird surprising behavior if the attribute is something 
> > > whose value sanely distinguishes between the various possible 
> > > sandbox values.
> > 
> > I'm not sure I follow.
> 
> The point is that 'not set' and 'empty string' don't mean the same thing 
> for @sandbox, and ideally the DOM reflection would preserve the 
> distinction.

Since it doesn't for any other attributes that take a string but where 
empty string and absence are different, why is it suddenly an issue 
specifically with this attribute?


> > I think remaining consistent with other non-boolean attributes, and 
> > thus having the setter always set the attribute, is fine.
> 
> And I think it's a footgun.....

No more so, I'd wager, than being inconsistent with the other attributes.


I think the situation would be different if you were asking about changing 
the behaviour of all content attributes rather than one specific one. 
That's what Simon is arguing for here:

   https://www.w3.org/Bugs/Public/show_bug.cgi?id=17283

I'm not sure that makes sense either, but it's more plausible, IMHO, 
especially given that at least one UA apparently already does it. If Gecko 
also changed in this manner it would make the decision a lot easier. :-)

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'



More information about the whatwg mailing list