On 2011-07-14 08:22, Jonas Sicking wrote:
On Wed, Jul 13, 2011 at 9:49 PM, Anne van Kesteren<ann...@opera.com> wrote:
On Wed, 13 Jul 2011 23:13:05 +0200, Julian Reschke<julian.resc...@gmx.de>
wrote:
Yes, but we can *define* the flag in HTML and write down what it means with
respect to plugin APIs.
It seems much better to wait until it can actually be implemented.
Especially since it's not at all clear to me that a specific opt-in
mechanism is at all needed once we have the appropriate plugin APIs
implemented. And those APIs are needed anyway if we want to allow
plugins in any form in the sandbox.
"When the attribute is set, the content is treated as being from a
unique origin, forms and scripts are disabled, links are prevented from
targeting other browsing contexts, and plugins are disabled."
A browser negotiating something with plugins using that API and enabling
them despite @sandbox would violate the above requirement, no?
