On Fri, 12 Jan 2007 22:09:40 +0100, Asbjørn Ulsberg
<[EMAIL PROTECTED]> wrote:
>> Use an <iframe> and use cross-document messaging? This has been
>> discussed a lot by the way.
>
> Frames are a terrible solution. The content is after all a part of the
> page it's hosted in, but we want to sandbox it to make sure it can't do
> any harm.

The proposed alternative is severely underdefined and won't work for the
foreseeable future anyway.

> Let's say we'd like to sandbox anonymous user-contributed comments on a
> blog, but not comments from logged in users. That would require all
> anonymous comments to be placed within an iframe. For 100 anonymous
> comments, that's 100 iframes on a single web page. Don't tell me that's
> an elegant solution.

Why wouldn't you have comment sanitization? Note that you could use
data: URIs on the <iframe>s.
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
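
The data: URI approach mentioned in the reply above, as an added example that is not code from the thread: each anonymous comment is framed in an <iframe> whose document travels in a percent-encoded data: URI, while logged-in comments stay inline. The function names, the comment object shape and the `sandbox` attribute (standardized after this thread) are assumptions, as is the premise that logged-in comment bodies were sanitized before storage.

```javascript
// Added example; names and the comment shape ({author, loggedIn, body}) are hypothetical.

// Escape text for use in HTML element content or a quoted attribute.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Carry one untrusted comment as a complete HTML document inside a data: URI.
// encodeURIComponent percent-encodes <, >, ", & and #, so the URI cannot
// terminate the double-quoted src attribute it is placed in.
function commentDataUri(untrustedHtml) {
  const doc = '<!doctype html><meta charset="utf-8"><body>' + untrustedHtml;
  return "data:text/html;charset=utf-8," + encodeURIComponent(doc);
}

// Recover the framed document from a data: URI built above (used for checks).
function decodeCommentDataUri(uri) {
  return decodeURIComponent(uri.slice(uri.indexOf(",") + 1));
}

function renderComment(comment) {
  const heading = "<h4>" + escapeHtml(comment.author) + "</h4>";
  if (comment.loggedIn) {
    // Assumption: bodies of logged-in users were sanitized before storage.
    return "<article>" + heading + "<div>" + comment.body + "</div></article>";
  }
  // Anonymous: the markup never enters the host document. The empty sandbox
  // attribute (not part of the thread) additionally disables scripts and
  // gives the frame an opaque origin in browsers that support it.
  return "<article>" + heading + '<iframe sandbox src="' +
    commentDataUri(comment.body) + '"></iframe></article>';
}

function renderComments(comments) {
  return comments.map(renderComment).join("\n");
}

// Constructed sample input.
const sampleComments = [
  { author: "alice", loggedIn: true, body: "<p>Nice post.</p>" },
  { author: "anon <1>", loggedIn: false, body: '"><script>alert(1)</script><p>hi</p>' },
];
const samplePage = renderComments(sampleComments);
```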