itty-bitty Idea: Safe subdomain for text-only content

Idea: Safe subdomain for text-only content

Open i-rme opened this issue 7 years ago • 0 comments

This way a link like this one: https://itty.bitty.site/#/data:text/html;charset=utf-8;bxze64,XQAAAAJBAAAAAAAAAAAqGgknZByHik/KTPT4HSNtN2h5G0ioByi51/j/XfI2TNaobPC0KdqzGEBb+tplhYhyKJ05lvFN3kKxiN/+IvwA

Could be converted to: https://safe.itty.bitty.site/#/data:text/html;charset=utf-8;bxze64,XQAAAAJBAAAAAAAAAAAqGgknZByHik/KTPT4HSNtN2h5G0ioByi51/j/XfI2TNaobPC0KdqzGEBb+tplhYhyKJ05lvFN3kKxiN/+IvwA

So the iframe becomes fully sandboxed (without "allow-scripts allow-forms allow-top-navigation allow-popups allow-modals").

So the user expects no javascript before opening the link.

Jul 10 '18 15:07 i-rme

itty-bitty itty-bitty copied to clipboard

Idea: Safe subdomain for text-only content

itty-bitty
itty-bitty copied to clipboard