On Thu, 26 Jan 2012, Andrew Oakley wrote:
iframe outside a document doesn't initiate a load, so it's case is
different.
I'm not sure it is - we can create an iframe in the document then
remove it before it loads. Most browsers seem to give up on loading the
contents of the iframe
On Mon, 7 May 2012, Adam Barth wrote:
== Summary ==
When creating a srcdoc document, we need to be careful to avoid
introducing a Content-Security-Policy loophole.
== Details ==
Consider a document with the following Content-Security-Policy:
Content-Security-Policy: default-src
On Fri, Jun 22, 2012 at 4:10 PM, Ian Hickson i...@hixie.ch wrote:
On Mon, 7 May 2012, Adam Barth wrote:
== Summary ==
When creating a srcdoc document, we need to be careful to avoid
introducing a Content-Security-Policy loophole.
== Details ==
Consider a document with the following
On Fri, 22 Jun 2012, Adam Barth wrote:
When creating a srcdoc document, in the same way that we copy the
parent document's origin onto the child document, we should:
1) /enforce/, on the srcdoc document, all CSP policies currently being
enforced on the parent document.
2) /monitor/,
On Fri, Jun 22, 2012 at 4:22 PM, Ian Hickson i...@hixie.ch wrote:
On Fri, 22 Jun 2012, Adam Barth wrote:
When creating a srcdoc document, in the same way that we copy the
parent document's origin onto the child document, we should:
1) /enforce/, on the srcdoc document, all CSP policies
On Wed, 28 Mar 2012, Charles Pritchard wrote:
On 3/28/2012 2:41 PM, Ian Hickson wrote:
Currently, authors can create a large canvas, and place it in a div:
div style=overflow: hidden
canvasThis can is larger than the div/canvas
/div
...
The idea here is to enable scroll