[whatwg] iframe sandbox attribute

Boris Zbarsky bzbarsky at MIT.EDU
Mon Mar 26 16:06:23 PDT 2012


On 3/26/12 3:19 PM, Ian Hickson wrote:
> Changing it to a string doesn't affect that, though, does it?

Well, changing to a nullable string does affect it because doing 
something like this:

   myFrame.sandbox = myFrame.sandbox;

is a no-op, as by all sane rights it should be....  More importantly,

   myOtherFrame.sandbox = myFrame.sandbox;

doesn't have weird surprising behavior if the attribute is something 
whose value sanely distinguishes between the various possible sandbox 
values.

> We can certainly add an attribute to DOMSettableTokenList (or rather, a
> descendant, for use specifically with iframe.sandbox) that does the same
> as .hasAttribute(), e.g.:
>
>     iframe.sandbox.present
>
> ...or something, if that would help.

Would we also make the attribute readonly, then, and require that it be 
set via the token list?  Otherwise, it seems like the snippets above 
would still have pretty unexpected behavior.  But even then they might, 
since sets of readonly props are just silently ignored.  :(

-Boris


More information about the whatwg mailing list