Comment by owebmaster
2 days ago
a sandboxed user is not an untrusted user of the client but an unstrusted user of the host, that is why the client is sandboxed.
2 days ago
a sandboxed user is not an untrusted user of the client but an unstrusted user of the host, that is why the client is sandboxed.
sandboxing is a general term for actor isolation, and its context agnostic.
For example, when you use the sandbox attribute on an iframe in a web application, it's not the user that's untrusted, it's some other user that's attempting to trigger actions in your client.