[whatwg] iframe sandbox attribute
Ian Hickson
ian at hixie.ch
Mon Mar 26 15:19:32 PDT 2012
On Mon, 26 Mar 2012, Boris Zbarsky wrote:
> On 3/26/12 3:13 PM, Mounir Lamouri wrote:
> > I do not like [PutForwards=value] but I still believe
> > DOMSettableTokenList is useful.
>
> I think the issue in this case is that the DOMSettableTokenList
> representation of the sandbox attribute, as specced, cannot distinguish
> between "not sandboxed at all" and "sandboxed, with no loosening of any
> restrictions".
>
> That makes it very difficult to use, in my opinion. Very easy to shoot
> yourself in the foot.
Changing it to a string doesn't affect that, though, does it?
We can certainly add an attribute to DOMSettableTokenList (or rather, a
descendant, for use specifically with iframe.sandbox) that does the same
as .hasAttribute(), e.g.:
iframe.sandbox.present
...or something, if that would help.
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list