- @mohit_aghera opened merge request.
- 🇩🇪Germany neffets
1) I like the "sandbox" attribute, but its dangerous.
[sandbox atrribute](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox)If its set, then the default is very restrictive (no forms, no downloads, no scripts, no alerts, no popups, ...)
We should discuss what we suggest as "default" Options to enable.
I would suggest at minimum: "allow-downloads,allow-forms"
What is your opinion?
2) "reffererpolicy" would be OK with the default "strict-origin-when-cross-origin" (this is the normal browser default too)
- Status changed to Needs work
4 months ago 4:49pm 18 August 2024 - 🇺🇸United States smustgrave
Sounds like this needs more work/discussion.
Maybe worth breaking out into 2 separate as reffererpolicy seems less problematic.