[whatwg] suggestion limited context

Tim Streater tim at clothears.org.uk
Fri Jun 8 02:42:00 PDT 2012

On 07 Jun 2012 at 23:18, Ian Hickson <ian at hixie.ch> wrote: 

> On Thu, 23 Feb 2012, Andri Sævar Sigríksson wrote:
>> i would like to suggest a limited context
>> for embedding JavaScript/html  in a websites

>> i don't think this would be difficult to implement
>> web-browsers  simply  needs to ignore things that would not be allowed

>> i think its every reason to implement this
>> a lot of websites that allow embeding
>> only allow flash or very limit html like img or <a href="url">Link text</a>
>> simply because allowing any more that would subject the website to unwanted
>> manipulation and hacks
>> but with  this limited context would allow websites
>> allow embedding more freely for JavaScript/html without the risk
> Does the <iframe sandbox> feature recently added to HTML adequately 
> address your use cases?

I thought iframe sandbox would suit my particular use case (where I receive what purports to be html and have to do some sanitisation before loading it into an iframe) but I still want to be able to click a link in the iframe and have it behave as if the link had target="_blank". Unfortunately there is no attribute for that in sandbox="<attribute-string>".

Cheers  --  Tim

More information about the whatwg mailing list