[Caja] Issue 1812 in google-caja: Design a general API for host-settable sandbox policies

[google-caja]

Status: Accepted
Owner: ----
CC: kpreid.switchb.org
Labels: Type-Enhancement Priority-Medium DOMado
New issue 1812 by kpreid.switchb.org: Design a general API for  
host-settable sandbox policies
http://code.google.com/p/google-caja/issues/detail?id=1812

There are a number of places, particularly relating to Domado, where it  
would be reasonable for the host page to be able to independently control  
small policy decisions. We should decide what form such controls should  
take in our API. Some examples, some of recent interest:

- Whether links are forced to target="_blank". (This is already controlled  
by targetAttributePresets in caja.initialize. However, this cannot be  
controlled per-guest; and I also wish to consider whether such policy  
settings should be grouped in some manner independent of other types of  
Caja config.)

- Whether window resize events are forwarded to the guest (issue 1806).  
Doing so would be appropriate iff the vdoc container resizes along with the  
host page, which we can't easily tell automatically.

- Whether native .click() is permitted on HTML elements. This would be  
useful for test suites run inside of Caja, but means that of guest-created  
click events could be caught by naïve host event listeners. So, it would

- Whether the guest is permitted to play audio (programmatically or via  
autoplay on embedded audio/video).

- Whether CSS class names are rewritten to be namespaced. (We currently do  
not do this, but I believe that is usually a mistake (that content uses  
class names as a local namespace which should be isolated) but that in  
more "plugin"-like use cases it would be appropriate.)

--
You received this message because this project is configured to send all  
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

--

--- 
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-caja-discuss+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.