[whatwg] iframe sandbox attribute

Boris Zbarsky bzbarsky at MIT.EDU
Mon Mar 26 15:16:57 PDT 2012

On 3/26/12 3:13 PM, Mounir Lamouri wrote:
> I do not like [PutForwards=value] but I still believe
> DOMSettableTokenList is useful.

I think the issue in this case is that the DOMSettableTokenList 
representation of the sandbox attribute, as specced, cannot distinguish 
between "not sandboxed at all" and "sandboxed, with no loosening of any 

That makes it very difficult to use, in my opinion.  Very easy to shoot 
yourself in the foot.


More information about the whatwg mailing list