[whatwg] suggestion limited context
Ian Hickson
ian at hixie.ch
Thu Jun 7 15:18:12 PDT 2012
On Thu, 23 Feb 2012, Andri Sævar Sigríksson wrote:
>
> i would like to suggest a limited context
> for embedding JavaScript/html in a websites
>
> i would suggest having few sets of profiles
>
> and maybe user/website-designer defined
>
> the syntax may be something like this
>
> limited
> {
>
> ////code
>
> }
>
> i don't think this would be difficult to implement
> web-browsers simply needs to ignore things that would not be allowed
>
> example
>
> limited
> {
> <script>
> alert("Hello! I am an alert box!");
> </script>
>
> <canvas id="example" width="200" height="200">
>
> }
>
> in this instance the web-browser would ignore alert
>
>
> i think its every reason to implement this
> a lot of websites that allow embeding
> only allow flash or very limit html like img or <a href="url">Link text</a>
> simply because allowing any more that would subject the website to unwanted
> manipulation and hacks
>
> but with this limited context would allow websites
> allow embedding more freely for JavaScript/html without the risk
Does the <iframe sandbox> feature recently added to HTML adequately
address your use cases?
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list