[whatwg] iframe sandbox attribute
Boris Zbarsky
bzbarsky at MIT.EDU
Mon Mar 26 15:16:57 PDT 2012
On 3/26/12 3:13 PM, Mounir Lamouri wrote:
> I do not like [PutForwards=value] but I still believe
> DOMSettableTokenList is useful.
I think the issue in this case is that the DOMSettableTokenList
representation of the sandbox attribute, as specced, cannot distinguish
between "not sandboxed at all" and "sandboxed, with no loosening of any
restrictions".
That makes it very difficult to use, in my opinion. Very easy to shoot
yourself in the foot.
-Boris
More information about the whatwg
mailing list