*I should've shared this a long time ago but better late than never*
Last winter, I was dealing with some confusion surrounding `iframe`
sandboxing [when I wasn't aware it existed] on code playground sites
(JSFiddle, JSBin, CodePen, etc.).
While investigating, I ended up creating a JS library
On Wed, Sep 30, 2015 at 4:56 PM, James M. Greene
wrote:
> While investigating, I ended up creating a JS library called *sandblaster*
> [1] to assist me in analyzing
We should probably just provide a mechanism for reading the currently
active sandboxing flags. You shouldn't have to write pages o
On Wed, Sep 30, 2015 at 10:51 AM, Mike West wrote:
> On Wed, Sep 30, 2015 at 4:56 PM, James M. Greene > wrote:
>>
>> *and* potentially modifying/dismantling
>> iframe sandboxes.
>>
>
> Are you able to do this in any cases other than `allow-same-origin` and
> `allow-scripts`? If so, we should