What sandbox does an <object> element run in? Can this sandbox be configured?
I run a site that displays user-generated SVGs. They are untrusted, so they need to be sandboxed.
I currently embed these SVGs using <object> elements. (Unlike <img>, this allows loading external fonts. And unlike using an <…