W3C home > Mailing lists > Public > public-html@w3.org > January 2010

Re: <iframe doc="">

From: Adam Barth <w3c@adambarth.com>
Date: Sun, 17 Jan 2010 10:18:12 -0800
Message-ID: <7789133a1001171018q5e7ce776oca3eecd5b57b46d3@mail.gmail.com>
To: Lachlan Hunt <lachlan.hunt@lachy.id.au>
Cc: Ian Hickson <ian@hixie.ch>, public-html@w3.org
One advantage of @doc over @src=data is that setting @doc via the DOM
is pretty idiot-proof:

window.addEventListener("message", function (evt) {
  var ifr = makeMeAnIframe();
  ifr.sandbox = "allow-scripts";
  ifr.doc = evt.data;
}, false);

Adam


On Sun, Jan 17, 2010 at 9:55 AM, Lachlan Hunt <lachlan.hunt@lachy.id.au> wrote:
> Ian Hickson wrote:
>>
>>  - data: attributes require more escaping
>>  - the definition of 'origin' for data: attributes isn't fully stable
>>  - using data: has the wrong fallback story (it fails open, instead of
>>    closed)
>
> While this doesn't address the first two points, the fallback story can be
> somewhat improved by using text/html-sandboxed:
>
> <iframe src="data:text/html-sandboxed,<!DOCTYPE html><p>test"></iframe>
>
> The fallback for this is then the same as for using text/html-sandboxed over
> HTTP, which admittedly has its own set of problems in current browsers.
>
> --
> Lachlan Hunt - Opera Software
> http://lachy.id.au/
> http://www.opera.com/
>
>
Received on Sunday, 17 January 2010 18:19:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:57 GMT