Re: Please consider whether new APIs/functionality should be disabled by default in sandboxed iframes
On 2/27/17 7:07 AM, David Bruant wrote: Did a particular feature triggered your message? No, it was just something I had been thinking about for a bit. Would it make sense to add the question to the "Intent to Implement" email template? https://wiki.mozilla.org/WebAPI/ExposureGuidelines#Intent_to_Implement That's probably a good idea. I added it there: Is this feature enabled by default in sandboxed iframes? If not, is there a proposed sandbox flag to enable it? If allowed, does it preserve the current invariants in terms of what sandboxed iframes can do? -Boris ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Re: Please consider whether new APIs/functionality should be disabled by default in sandboxed iframes
Hi Boris, Did a particular feature triggered your message? Would it make sense to add the question to the "Intent to Implement" email template? https://wiki.mozilla.org/WebAPI/ExposureGuidelines#Intent_to_Implement "Intent to" emails seem like a good time to ask this questions/raise: * the feature is not implemented yet * other browsers vendors are reading the "intent to" emails, so there is an opportunity for this question to be fixed in an interoperable manner David Le mercredi 11 janvier 2017 18:34:56 UTC+1, Boris Zbarsky a écrit : > When adding a new API or CSS/HTML feature, please consider whether it > should be disabled by default in sandboxed iframes, with a sandbox token > to enable. > > Note that this is impossible to do post-facto to already-shipped APIs, > due to breaking compat. But for an API just being added, this is a > reasonable option and should be strongly considered. > > -Boris ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Please consider whether new APIs/functionality should be disabled by default in sandboxed iframes
When adding a new API or CSS/HTML feature, please consider whether it should be disabled by default in sandboxed iframes, with a sandbox token to enable. Note that this is impossible to do post-facto to already-shipped APIs, due to breaking compat. But for an API just being added, this is a reasonable option and should be strongly considered. -Boris ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform