: Etherpad users! We are developing an extension that will allow you to create pages from etherpads quickly and easily. Please visit our sandbox and help us test it.


From MozillaWiki
Jump to: navigation, search


(work in progress)

Problem Summary

HTML5 defines a "sandbox" mode for <iframe>, which disables certain features, such as scripting, form submission, and plugins. For some of these, such as scripting, an opt-in feature is available, but there is none for plugins.

Existing Discussion and Documentation

HTML5 iframe element [1]

HTML WG discussion thread on public-html [2]

API Requirements

  • It should be possible to find out whether the plugin knows about sandboxing as early as possible
    • Q: not sure whether this needs to be possible before Initialization
  • We need to be able to pass the various "opt-out" switches into the plugin instance
    • Q: does this need to happen at instantiation, or is it sufficient to do that before content is loaded?
  • Q: Do we need a more fine grained set of "sandbox flags" for plugins? Scripting? Network access? Other?

Current Proposal