W3C home > Mailing lists > Public > public-html-diffs@w3.org > January 2010

hixie: Add an example of srcdoc='' and some usage notes. (whatwg r4623)

From: poot <cvsmail@w3.org>
Date: Sun, 24 Jan 2010 15:45:50 +0900 (JST)
To: public-html-diffs@w3.org
Message-Id: <20100124064551.347CD2BBE9@toro.w3.mag.keio.ac.jp>
hixie: Add an example of srcdoc='' and some usage notes. (whatwg r4623)

http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.3683&r2=1.3684&f=h
http://html5.org/tools/web-apps-tracker?from=4622&to=4623

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.3683
retrieving revision 1.3684
diff -u -d -r1.3683 -r1.3684
--- Overview.html	24 Jan 2010 02:57:04 -0000	1.3683
+++ Overview.html	24 Jan 2010 06:45:32 -0000	1.3684
@@ -16870,9 +16870,43 @@
   <code><a href="#windowproxy">WindowProxy</a></code> object will proxy new <code><a href="#window">Window</a></code>
   objects for new <code>Document</code> objects, but the <code title="attr-iframe-src"><a href="#attr-iframe-src">src</a></code> attribute will not change.<div class="example">
 
-   <p class="XXX">example for srcdoc here</p>
+   <p>Here a blog uses the <code title="attr-iframe-srcdoc"><a href="#attr-iframe-srcdoc">srcdoc</a></code> attribute in conjunction
+   with the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> and <code title="attr-iframe-seamless"><a href="#attr-iframe-seamless">seamless</a></code> attributes described
+   below to provide users of user agents that support this feature
+   with an extra layer of protection from script injection in the blog
+   post comments:</p>
 
-  </div><hr><p>The <dfn id="attr-iframe-name" title="attr-iframe-name"><code>name</code></dfn>
+   <pre>&lt;article&gt;
+ &lt;h1&gt;I got my own magazine!&lt;/h1&gt;
+ &lt;p&gt;After much effort, I've finally found a publisher, and so now I
+ have my own magazine! Isn't that awesome?! The first issue will come
+ out in September, and we have articles about getting food, and about
+ getting in boxes, it's going to be great!&lt;/p&gt;
+ &lt;footer&gt;
+  &lt;p&gt;Written by &lt;a href="/users/cap"&gt;cap&lt;/a&gt;.
+  &lt;time pubdate&gt;2009-08-21T23:32Z&lt;/time&gt;&lt;/p&gt;
+ &lt;/footer&gt;
+ &lt;article&gt;
+  &lt;footer&gt; At &lt;time pubdate&gt;2009-08-21T23:35Z&lt;/time&gt;, &lt;a href="/users/ch"&gt;ch&lt;/a&gt; writes: &lt;/footer&gt;
+  &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p&gt;did you get a cover picture yet?"&gt;&lt;/iframe&gt;
+ &lt;/article&gt;
+ &lt;article&gt;
+  &lt;footer&gt; At &lt;time pubdate&gt;2009-08-21T23:44Z&lt;/time&gt;, &lt;a href="/users/cap"&gt;cap&lt;/a&gt; writes: &lt;/footer&gt;
+  &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p&gt;Yeah, you can see it &lt;a href=&amp;quot;/gallery/cover/1&amp;quot;&gt;in my gallery&lt;/a&gt;."&gt;&lt;/iframe&gt;
+ &lt;/article&gt;
+ &lt;article&gt;
+  &lt;footer&gt; At &lt;time pubdate&gt;2009-08-21T23:58Z&lt;/time&gt;, &lt;a href="/users/ch"&gt;ch&lt;/a&gt; writes: &lt;/footer&gt;
+  &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p&gt;hey that's earl's table.
+&lt;p&gt;you should get earl&amp;amp;me on the next cover."&gt;&lt;/iframe&gt;
+ &lt;/article&gt;</pre>
+
+  </div><p class="note">In <a href="#syntax">the HTML syntax</a>, authors need only
+  remember to use U+0022 QUOTATION MARK characters (") to wrap the
+  attribute contents and then to quote all U+0022 QUOTATION MARK (")
+  and U+0026 AMPERSAND (&amp;) characters, and to specify the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> attribute, to ensure safe
+  embedding of content.<p class="note">Due to restrictions of <span>the XML syntax</span>,
+  in XML a number of other characters need to be escaped also to
+  ensure correctness.<hr><p>The <dfn id="attr-iframe-name" title="attr-iframe-name"><code>name</code></dfn>
   attribute, if present, must be a <a href="#valid-browsing-context-name">valid browsing context
   name</a>. The given value is used to name the <a href="#nested-browsing-context">nested
   browsing context</a>. <span class="impl">When the browsing
Received on Sunday, 24 January 2010 06:46:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 18 December 2010 06:14:16 GMT