
We're not going to enable 'sandbox' in '<meta>'.

mikewest committed Apr 5, 2016
1 parent 53323db commit 8ca78f0ed12bbbde0a11c4d58fb936ce0a25f9d7
Showing with 0 additions and 4 deletions.
  1. +0 −4 index.src.html
@@ -393,10 +393,6 @@ <h3 id="open-questions">Open Questions</h3>
it makes sense for folks to allow workers while disallowing frames, or
vice-versa?

ISSUE: Can we enable `sandbox` inside <{meta}>? It's not clear what threat we're
preventing by dropping support for it (and Chrome and Safari support it
today).

ISSUE: Do we still need to strip values when reporting? I think we've removed
much of the risk by using the original URL of a blocked resource; there
shouldn't be anything in the report JSON that script can't gather on its own
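Review bot: The removed ISSUE paragraph ("Can we enable `sandbox` inside <{meta}>?") closes the question without any spec text recording the outcome or the reason, even though the deleted lines themselves point out that "Chrome and Safari support it today". With 0 additions, a reader of the Open Questions section can no longer tell that this was considered and rejected. Consider replacing the ISSUE with a short note stating that `sandbox` is not supported in `<{meta}>` and why, or a pointer to where the spec already says so, so that implementers who honour it today know the divergence is intentional.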
