W3C home > Mailing lists > Public > public-html@w3.org > January 2010

Re: <iframe doc="">

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Sat, 16 Jan 2010 21:54:33 -0500
Message-ID: <4B527BE9.80300@mit.edu>
To: "Michael A. Puls II" <shadow2531@gmail.com>
CC: public-html WG <public-html@w3.org>
On 1/16/10 8:54 PM, Michael A. Puls II wrote:
> <!DOCTYPE html>
> <html>
> <head>
> <meta charset="utf-8">
> <title></title>
> </head>
> <body>
> <iframe doc='<!DOCTYPE html>
> <html>
> <head>
> <meta charset="utf-8">
> <title>test</title>
> </head>
> <body>
> <p>test</p>
> </body>
> </html>'></iframe>
> </body>
> </html>

Try this in a Gecko-based browser:

<!DOCTYPE html>
<html>
     <head>
         <meta charset="utf-8">
         <title></title>
     </head>
     <body>
         <iframe src='data:text/html,<!DOCTYPE html>
<html>
     <head>
         <meta charset="utf-8">
         <title>test</title>
     </head>
     <body>
         <p>test</p>
     </body>
</html>'></iframe>
     </body>
</html>

Yes, that's technically not a valid data: URI.  Perhaps it's worth just 
making it valid?

> @doc is way more readable (the @ value at least), easier to author by
> hand, and tends to use less bytes than data URIs (although that might
> depend on how much you have to use entities so the markup doesn't break
> out of the attribute).

The data: URI as used above will of course always use a few more bytes 
for the "data:text/html," part...

> But, as far as security, I don't remember what @doc has over
> @src="data:". I think it was mentioned though and had something to do
> with origin problems with src="data:".

Specifically that some current UAs put src="data:" in the origin of the 
parent page?

-Boris
Received on Sunday, 17 January 2010 02:55:13 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:39:12 UTC