Re: Please consider whether new APIs/functionality should be disabled by default in sandboxed iframes

[Boris Zbarsky]

On 2/27/17 7:07 AM, David Bruant wrote:

Did a particular feature triggered your message?


No, it was just something I had been thinking about for a bit.


Would it make sense to add the question to the "Intent to Implement" email 
template?
https://wiki.mozilla.org/WebAPI/ExposureGuidelines#Intent_to_Implement


That's probably a good idea.  I added it there:

   Is this feature enabled by default in sandboxed iframes? If not, is 
there a proposed sandbox flag to enable it? If allowed, does it preserve 
the current invariants in terms of what sandboxed iframes can do?


-Boris
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

Re: Please consider whether new APIs/functionality should be disabled by default in sandboxed iframes

[David Bruant]

Hi Boris,

Did a particular feature triggered your message?

Would it make sense to add the question to the "Intent to Implement" email 
template?
https://wiki.mozilla.org/WebAPI/ExposureGuidelines#Intent_to_Implement

"Intent to" emails seem like a good time to ask this questions/raise:
* the feature is not implemented yet
* other browsers vendors are reading the "intent to" emails, so there is an 
opportunity for this question to be fixed in an interoperable manner

David


Le mercredi 11 janvier 2017 18:34:56 UTC+1, Boris Zbarsky a écrit :
> When adding a new API or CSS/HTML feature, please consider whether it 
> should be disabled by default in sandboxed iframes, with a sandbox token 
> to enable.
> 
> Note that this is impossible to do post-facto to already-shipped APIs, 
> due to breaking compat.  But for an API just being added, this is a 
> reasonable option and should be strongly considered.
> 
> -Boris

___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform