[whatwg] iframe sandbox attribute

Boris Zbarsky bzbarsky at MIT.EDU
Mon Mar 26 15:16:57 PDT 2012


On 3/26/12 3:13 PM, Mounir Lamouri wrote:
> I do not like [PutForwards=value] but I still believe
> DOMSettableTokenList is useful.

I think the issue in this case is that the DOMSettableTokenList 
representation of the sandbox attribute, as specced, cannot distinguish 
between "not sandboxed at all" and "sandboxed, with no loosening of any 
restrictions".

That makes it very difficult to use, in my opinion.  Very easy to shoot 
yourself in the foot.

-Boris



More information about the whatwg mailing list