On Mon, Jul 6, 2015 at 2:47 AM, Mike West mk...@google.com wrote:
I've dropped the opener/openee-disowning behavior from my proposal,
and renamed the sandboxing keyword to `allow-popups-to-escape-sandbox` in
https://wiki.whatwg.org/index.php?title=Iframe_sandbox_improvmentsdiff=9958oldid=9955
On 12/1/10 7:29 AM, Boris Zbarsky wrote:
On 12/1/10 3:49 AM, Philip Jägenstedt wrote:
I dunno about solid, but the obvious things you can do with
javascript: that you can't do as easily with data: are things
that are dynamic. That said, in a sandbox the only things that
are available as
On 11/11/10 12:06 PM, Ingo Chao wrote:
For https mashups, users will see always a few
security warnings in IE or Chrome, because a few components will be
delivered via http. Thats good, but I would like to know that, too.
The mashup should report that automatically. Hence my question
Ian Hickson wrote:
Note that the problems you raise also exist (and have long existed) with
cookies; at least the storage APIs default to a safe state in the general
case instead of defaulting to an unsafe state.
In what way do the storage API's default to a safe state? What unsafe
state is
Thomas Much wrote:
- If people don't want this feature, you'll have to provide a switch to turn
it off.
- If it can be switched off, websites will use the old, hidden ways to track
users.
Can't you say the same about cookies? Many people are up in arms about
tracking and browsers do provide