Dear Twitter, what’s the current state of the art of iframe sandboxing? Is it safe-enough these days to run arbitrary third-party code? For context, we’re looking to deploy a live chat service on our web site. Thanks!
4
2
3
Replying to @ivanristic
To be a bit safer, you can instead pop open a chat window. Or @frgx wrote a paper on privilege separation using temporary iframes, maybe that could be used? usenix.org/system/files/conf…

Jan 3, 2019 · 12:06 AM UTC
2