W3C home > Mailing lists > Public > public-html-commits@w3.org > February 2010

html5/spec Overview.html,1.3754,1.3755

From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
Date: Sat, 13 Feb 2010 12:44:52 +0000
To: public-html-commits@w3.org
Message-Id: <E1NgHMi-0007yU-It@lionel-hutz.w3.org>
Update of /sources/public/html5/spec
In directory hutz:/tmp/cvs-serv30636

Modified Files:
	Overview.html 
Log Message:
Add an example of escaped ampersands in URLs in sandbox=''. (whatwg r4704)

Index: Overview.html
===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.3754
retrieving revision 1.3755
diff -u -d -r1.3754 -r1.3755
--- Overview.html	13 Feb 2010 12:33:20 -0000	1.3754
+++ Overview.html	13 Feb 2010 12:44:48 -0000	1.3755
@@ -16973,7 +16973,7 @@
  &lt;/article&gt;
  &lt;article&gt;
   &lt;footer&gt; At &lt;time pubdate&gt;2009-08-21T23:44Z&lt;/time&gt;, &lt;a href="/users/cap"&gt;cap&lt;/a&gt; writes: &lt;/footer&gt;
-  &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p&gt;Yeah, you can see it &lt;a href=&amp;quot;/gallery/cover/1&amp;quot;&gt;in my gallery&lt;/a&gt;."&gt;&lt;/iframe&gt;
+  &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p&gt;Yeah, you can see it &lt;a href=&amp;quot;/gallery?mode=cover&amp;amp;amp;page=1&amp;quot;&gt;in my gallery&lt;/a&gt;."&gt;&lt;/iframe&gt;
  &lt;/article&gt;
  &lt;article&gt;
   &lt;footer&gt; At &lt;time pubdate&gt;2009-08-21T23:58Z&lt;/time&gt;, &lt;a href="/users/ch"&gt;ch&lt;/a&gt; writes: &lt;/footer&gt;
@@ -16981,6 +16981,15 @@
 &lt;p&gt;you should get earl&amp;amp;amp;me on the next cover."&gt;&lt;/iframe&gt;
  &lt;/article&gt;</pre>
 
+   <p>Notice the way that quotes have to be escaped (otherwise the
+   <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> attribute would
+   end prematurely), and the way raw ampersands (e.g. in URLs or in
+   prose) mentioned in the sandboxed content have to be
+   <em>doubly</em> escaped &mdash; once so that the ampersand is
+   preserved when originally parsing the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> attribute, and once more
+   to prevent the ampersand from being misinterpreted when parsing the
+   sandboxed content.</p>
+
   </div><p class="note">In <a href="#syntax">the HTML syntax</a>, authors need only
   remember to use U+0022 QUOTATION MARK characters (") to wrap the
   attribute contents and then to escape all U+0022 QUOTATION MARK (")
Received on Saturday, 13 February 2010 12:44:53 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 13 February 2010 12:44:54 GMT