On 07 Jun 2012 at 23:18, Ian Hickson <[email protected]> wrote: > On Thu, 23 Feb 2012, Andri Sævar Sigríksson wrote: >> >> i would like to suggest a limited context >> for embedding JavaScript/html in a websites
>> i don't think this would be difficult to implement >> web-browsers simply needs to ignore things that would not be allowed >> i think its every reason to implement this >> a lot of websites that allow embeding >> only allow flash or very limit html like img or <a href="url">Link text</a> >> simply because allowing any more that would subject the website to unwanted >> manipulation and hacks >> >> but with this limited context would allow websites >> allow embedding more freely for JavaScript/html without the risk > > Does the <iframe sandbox> feature recently added to HTML adequately > address your use cases? I thought iframe sandbox would suit my particular use case (where I receive what purports to be html and have to do some sanitisation before loading it into an iframe) but I still want to be able to click a link in the iframe and have it behave as if the link had target="_blank". Unfortunately there is no attribute for that in sandbox="<attribute-string>". -- Cheers -- Tim
