Features/Platform/Iframe Sandbox: Difference between revisions

Features/Platform/Iframe Sandbox (view source)

200 bytes added , 28 November 2011

no edit summary

Confirmed users

197

edits

@@ Line 20: / Line 20: @@
 * whether to implement @sandbox on <frame> or not - this is being discussed on the whatwg list - my current proposal is to implement it on <frame>
 * whether to implement @sandbox on <xul:iframe/browser/editor> - this needs discussion still
+* what to do with Workers in a sandboxed frame - would probably need allow-scripts for these, and maybe allow-same-domain ? or just block them altogether, as apparently some other browsers have done
 |Feature overview=The HTML5 standard specifies a new attribute for the IFRAME element, "sandbox". See also [https://bugzilla.mozilla.org/show_bug.cgi?id=341604 bug 341604] "Implement HTML5 sandbox attribute for IFRAMEs" and [https://bugzilla.mozilla.org/show_bug.cgi?id=671389 bug 671389] "Implement CSP sandbox directive"
 |Feature users and use cases=Users are web developers looking for a way to isolate content on their site and preventing it from having its default same origin privileges. The HTML5 spec specifies some modifying attributes that can re-grant permissions such as executing scripts and submitting forms, etc.