Re: <iframe doc="">

On Sun, 17 Jan 2010, Julian Reschke wrote:
> Ian Hickson wrote:
> > ...
> > Markup in attributes has its disadvantages, but it's not necessarily a
> > problem. data: URLs of HTML resources are a common case of markup in an
> > attribute that seems to work ok; it is in fact the inspiration for doc="".
> > The main problems with data: attributes in this context are:
> > 
> >  - data: attributes require more escaping
> 
> Yes. Is that sufficient reason to add yet another syntax?

Maybe, maybe not. I guess that's a judgement call. I would judge that it 
is probably not necessary on its own, but is probably a strong enough gain 
that given few other benefits, it would sway the argument.


> >  - the definition of 'origin' for data: attributes isn't fully stable
> 
> Then it should be made stable.

That would be nice, yes. If you can get consensus amongst implementors on 
what origin should be used for documents parsed from data obtained from 
data: URLs, and then get them to reliably implement that and ship it 
without them receiving bug reports that cause them to change their mind, 
then I would be very grateful.


> >  - using data: has the wrong fallback story (it fails open, instead of
> > closed)
> > ...
> 
> What does that mean?

A data: URI is processed in a legacy UA even if it doesn't support 
sandboxing. What we're looking for is a solution where the origin can be 
the same as the parent document's, with scripting disabled, in UAs that 
support sandbox="", and where legacy UAs either render nothing, or, 
ideally, can be served a server-filtered alternative form of the data. I 
don't see how to do that with src="data:...".

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Sunday, 17 January 2010 09:15:07 UTC
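
The fallback argument in the message above, as a toy model (an added example, not part of the original post and not any browser's code). The LEGACY/MODERN capability objects, the helper names, the "/filtered/42" URL and the rule that a UA supporting doc="" prefers it over src are assumptions made for illustration.

```javascript
// Toy model of the thread's argument; every name here is illustrative.
const ATTR = "doc"; // attribute name as proposed in the thread

// Escaping for markup placed directly in a double-quoted attribute value.
function escapeAttr(markup) {
  return markup.replace(/&/g, "&amp;").replace(/"/g, "&quot;");
}

// Escaping for the same markup carried as a data: URL (percent-encoding).
function toDataUrl(markup) {
  return "data:text/html;charset=utf-8," + encodeURIComponent(markup);
}

// Serialize an <iframe> element from an attribute map.
function iframeTag(attrs) {
  const parts = Object.entries(attrs).map(([k, v]) => `${k}="${escapeAttr(v)}"`);
  return `<iframe ${parts.join(" ")}></iframe>`;
}

// What a UA does with the frame, given which features it implements.
// Assumption: a UA that knows ATTR prefers it over src; a legacy UA ignores
// unknown attributes (sandbox and ATTR alike) and only ever looks at src.
function frameOutcome(attrs, ua) {
  const scripts = !(ua.sandbox && "sandbox" in attrs);
  if (ua.doc && ATTR in attrs) return { loads: "inline", scripts };
  if ("src" in attrs) {
    return { loads: attrs.src.startsWith("data:") ? "inline" : attrs.src, scripts };
  }
  return { loads: null, scripts: false }; // nothing rendered: fails closed
}

const LEGACY = { sandbox: false, doc: false };
const MODERN = { sandbox: true, doc: true };

// Constructed sample of untrusted markup (e.g. a blog comment).
const comment = '<p title="x">50% off & more</p><script>track()</script>';

const viaData = { sandbox: "", src: toDataUrl(comment) };
const viaDoc = { sandbox: "", [ATTR]: comment };
// "/filtered/42" is a hypothetical URL serving a server-filtered copy.
const viaDocWithFallback = { sandbox: "", [ATTR]: comment, src: "/filtered/42" };

for (const [name, a] of Object.entries({ viaData, viaDoc, viaDocWithFallback })) {
  console.log(name, iframeTag(a));
  console.log("  legacy:", frameOutcome(a, LEGACY), "modern:", frameOutcome(a, MODERN));
}
```

In the model, only the data: form gives a legacy UA the untrusted markup inline with scripting enabled; the doc="" forms either render nothing there or load the server-filtered URL.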