When adding a new API or CSS/HTML feature, please consider whether it
should be disabled by default in sandboxed iframes, with a sandbox token
to enable.
Note that this is impossible to do post-facto to already-shipped APIs,
due to breaking compat. But for an API just being added, this is a
reasonable option and should be strongly considered.
-Boris
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
