W3C home > Mailing lists > Public > public-html-commits@w3.org > February 2010

html5/spec-author-view Overview.html,1.667,1.668 spec.html,1.672,1.673 the-iframe-element.html,1.21,1.22

From: Michael Smith via cvs-syncmail <cvsmail@w3.org>
Date: Sat, 13 Feb 2010 12:46:57 +0000
To: public-html-commits@w3.org
Message-Id: <E1NgHOj-00087F-GD@lionel-hutz.w3.org>
Update of /sources/public/html5/spec-author-view
In directory hutz:/tmp/cvs-serv31131

Modified Files:
	Overview.html spec.html the-iframe-element.html 
Log Message:
Add an example of escaped ampersands in URLs in sandbox=''. (whatwg r4704)

[updated by splitter]


Index: the-iframe-element.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/the-iframe-element.html,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- the-iframe-element.html	6 Feb 2010 10:57:03 -0000	1.21
+++ the-iframe-element.html	13 Feb 2010 12:46:55 -0000	1.22
@@ -384,7 +384,7 @@
  &lt;/article&gt;
  &lt;article&gt;
   &lt;footer&gt; At &lt;time pubdate&gt;2009-08-21T23:44Z&lt;/time&gt;, &lt;a href="/users/cap"&gt;cap&lt;/a&gt; writes: &lt;/footer&gt;
-  &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p&gt;Yeah, you can see it &lt;a href=&amp;quot;/gallery/cover/1&amp;quot;&gt;in my gallery&lt;/a&gt;."&gt;&lt;/iframe&gt;
+  &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p&gt;Yeah, you can see it &lt;a href=&amp;quot;/gallery?mode=cover&amp;amp;amp;page=1&amp;quot;&gt;in my gallery&lt;/a&gt;."&gt;&lt;/iframe&gt;
  &lt;/article&gt;
  &lt;article&gt;
   &lt;footer&gt; At &lt;time pubdate&gt;2009-08-21T23:58Z&lt;/time&gt;, &lt;a href="/users/ch"&gt;ch&lt;/a&gt; writes: &lt;/footer&gt;
@@ -392,6 +392,15 @@
 &lt;p&gt;you should get earl&amp;amp;amp;me on the next cover."&gt;&lt;/iframe&gt;
  &lt;/article&gt;</pre>
 
+   <p>Notice the way that quotes have to be escaped (otherwise the
+   <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> attribute would
+   end prematurely), and the way raw ampersands (e.g. in URLs or in
+   prose) mentioned in the sandboxed content have to be
+   <em>doubly</em> escaped &#8212; once so that the ampersand is
+   preserved when originally parsing the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> attribute, and once more
+   to prevent the ampersand from being misinterpreted when parsing the
+   sandboxed content.</p>
+
   </div><p class="note">In <a href="syntax.html#syntax">the HTML syntax</a>, authors need only
   remember to use U+0022 QUOTATION MARK characters (") to wrap the
   attribute contents and then to escape all U+0022 QUOTATION MARK (")

Index: Overview.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/Overview.html,v
retrieving revision 1.667
retrieving revision 1.668
diff -u -d -r1.667 -r1.668
--- Overview.html	13 Feb 2010 12:36:59 -0000	1.667
+++ Overview.html	13 Feb 2010 12:46:53 -0000	1.668
@@ -302,7 +302,7 @@
    </dl><p>This specification is available in the following formats: 
     <a href="spec.html">single page HTML</a>,
     <a href="Overview.html">multipage HTML</a>.
-This is revision 1.3754.
+This is revision 1.3755.
    </p> 
    <p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a>
    &#169; 2009 <a href="http://www.w3.org/"><abbr title="World Wide

Index: spec.html
===================================================================
RCS file: /sources/public/html5/spec-author-view/spec.html,v
retrieving revision 1.672
retrieving revision 1.673
diff -u -d -r1.672 -r1.673
--- spec.html	13 Feb 2010 12:36:59 -0000	1.672
+++ spec.html	13 Feb 2010 12:46:54 -0000	1.673
@@ -300,7 +300,7 @@
    </dl><p>This specification is available in the following formats: 
     <a href=spec.html>single page HTML</a>,
     <a href=Overview.html>multipage HTML</a>.
-This is revision 1.3754.
+This is revision 1.3755.
    </p> 
    <p class=copyright><a href=http://www.w3.org/Consortium/Legal/ipr-notice#Copyright>Copyright</a>
    © 2009 <a href=http://www.w3.org/><abbr title="World Wide
@@ -9818,7 +9818,7 @@
  &lt;/article&gt;
  &lt;article&gt;
   &lt;footer&gt; At &lt;time pubdate&gt;2009-08-21T23:44Z&lt;/time&gt;, &lt;a href="/users/cap"&gt;cap&lt;/a&gt; writes: &lt;/footer&gt;
-  &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p&gt;Yeah, you can see it &lt;a href=&amp;quot;/gallery/cover/1&amp;quot;&gt;in my gallery&lt;/a&gt;."&gt;&lt;/iframe&gt;
+  &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p&gt;Yeah, you can see it &lt;a href=&amp;quot;/gallery?mode=cover&amp;amp;amp;page=1&amp;quot;&gt;in my gallery&lt;/a&gt;."&gt;&lt;/iframe&gt;
  &lt;/article&gt;
  &lt;article&gt;
   &lt;footer&gt; At &lt;time pubdate&gt;2009-08-21T23:58Z&lt;/time&gt;, &lt;a href="/users/ch"&gt;ch&lt;/a&gt; writes: &lt;/footer&gt;
@@ -9826,6 +9826,15 @@
 &lt;p&gt;you should get earl&amp;amp;amp;me on the next cover."&gt;&lt;/iframe&gt;
  &lt;/article&gt;</pre>
 
+   <p>Notice the way that quotes have to be escaped (otherwise the
+   <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute would
+   end prematurely), and the way raw ampersands (e.g. in URLs or in
+   prose) mentioned in the sandboxed content have to be
+   <em>doubly</em> escaped — once so that the ampersand is
+   preserved when originally parsing the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute, and once more
+   to prevent the ampersand from being misinterpreted when parsing the
+   sandboxed content.</p>
+
   </div><p class=note>In <a href=#syntax>the HTML syntax</a>, authors need only
   remember to use U+0022 QUOTATION MARK characters (") to wrap the
   attribute contents and then to escape all U+0022 QUOTATION MARK (")
Received on Saturday, 13 February 2010 12:46:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 13 February 2010 12:46:59 GMT