[whatwg] iframe sandbox attribute
Mounir Lamouri
mounir at lamouri.fr
Mon Mar 26 15:13:05 PDT 2012
On 03/26/2012 02:37 PM, Ian Melven wrote:
> While working on implementing HTML5's iframe sandbox, I realized that in script, one can't
> tell the difference between these two cases : <iframe> and <iframe sandbox = ''>.
>
> In both cases, iframe.sandbox will be '' (the empty string). This is
> true in Webkit and IE10's implementations, as far as my testing can tell (and
> in my work-in-progress implementation for Firefox also).
element.hasAttribute('sandbox') should return false for the former case
and true for the later.
> There's also no way to clear sandboxing from an <iframe> without using something along
> the lines of .removeAttribute.
If you want to remove the sandbox attribute, isn't removeAttribute the
best way to do that?
> Due to this and some sentiment expressed by others at Mozilla against PutForwards
> (the HTML5 spec specifies [PutForwards=value] on <iframe>'s sandbox attribute, which is
> defined as a DOMSettableTokenList), I would like to propose a possible modification
> to the spec : changing <iframe> sandbox to be |string? sandbox| instead of a DOMSettableTokenList.
I do not like [PutForwards=value] but I still believe
DOMSettableTokenList is useful.
Cheers,
--
Mounir
More information about the whatwg
mailing list