W3C home > Mailing lists > Public > public-html@w3.org > February 2010

Re: BUG 8818 - lack of rationale

From: Kornel <kornel@geekhood.net>
Date: Mon, 15 Feb 2010 12:34:09 +0000
Cc: public-html@w3.org
Message-Id: <063C4469-3F17-4635-8CCC-7348552CFDEE@geekhood.net>
To: Julian Reschke <julian.reschke@gmx.de>
On 14 Feb 2010, at 15:54, Julian Reschke wrote:

>>> My rationale for inclusion/keeping srcdoc in the spec:
>>> 
>>> * It's easier to use. Compared to sandbox without src, srcdoc requires less changes to server-side applications that generate markup. Applications can continue to generate entire page as a single response rather than having to split page into many separate documents.
>> That can't be compensated with a data URI.
> 
> s/can't/can/ of course.


Yes, indeed. data: URI with special-purpose MIME type might work as well.

However, for this to be safe, I think @sandbox must forbid use of text/html MIME type, in order to force authors to use text/html-sandboxed instead. Otherwise authors could use "data:text/html," that may be insecure in older browsers.

http://www.w3.org/Bugs/Public/show_bug.cgi?id=9002

-- 
regards, Kornel LesiƄski
Received on Monday, 15 February 2010 12:34:50 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:39:14 UTC