
Re: <iframe doc="">

From: Tab Atkins Jr. <jackalmage@gmail.com>
Date: Mon, 25 Jan 2010 12:10:36 -0600
Message-ID: <dd0fbad1001251010yb768b01k52ad7d33247d3a26@mail.gmail.com>
To: Aryeh Gregor <Simetrical+w3c@gmail.com>
Cc: Maciej Stachowiak <mjs@apple.com>, Lars Gunther <gunther@keryx.se>, "public-html@w3.org WG" <public-html@w3.org>
On Mon, Jan 25, 2010 at 12:02 PM, Aryeh Gregor <Simetrical+w3c@gmail.com> wrote:
> On reflection, I'm not at all sure that anyone much would use srcdoc
> in a serious app -- it's probably too rigid.  It could be useful for
> quick hack-ups, but I don't know if those are worth it.  Who would
> actually use srcdoc?

I'd certainly use it as a fairly secure defense against scripting
attacks.  Just a plain @sandbox with nothing allowed will defend my
users more securely than anything a regexp-based filter can promise.

~TJ
Received on Monday, 25 January 2010 18:11:23 UTC
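
Added example, not part of the original message: one way a server could emit the `srcdoc` plus empty `sandbox` pattern the reply describes, escaping only the two characters that matter inside a double-quoted `srcdoc` value. The function names and the sample comment are hypothetical and constructed for illustration.

```javascript
'use strict';
// Added example; all names here are hypothetical, not from the thread.

// Escape for a double-quoted srcdoc attribute value. Only & and " are
// significant there, and & must be replaced first so that the entities
// produced for " are not escaped a second time.
function escapeSrcdoc(html) {
  return String(html).replace(/&/g, '&amp;').replace(/"/g, '&quot;');
}

// Wrap untrusted markup in an iframe whose sandbox attribute is empty
// (no allow-* tokens): scripts, forms, plugins and top-level navigation
// are disabled and the framed content gets a unique origin.
function sandboxedFrame(untrustedHtml) {
  return '<iframe sandbox="" srcdoc="' + escapeSrcdoc(untrustedHtml) +
         '"></iframe>';
}

// Pull the raw srcdoc value back out of the generated markup. Returns
// null if the value contains a raw quote, i.e. if the untrusted input
// managed to end the attribute early.
function srcdocValue(frameHtml) {
  const m = /^<iframe sandbox="" srcdoc="([^"]*)"><\/iframe>$/.exec(frameHtml);
  return m === null ? null : m[1];
}

// Inverse of escapeSrcdoc (reverse order), used to check the round trip.
function unescapeSrcdoc(value) {
  return value.replace(/&quot;/g, '"').replace(/&amp;/g, '&');
}

// Constructed sample input: a user comment with quotes, an existing
// entity, and a script element that the sandbox will refuse to run.
const sampleComment =
  'Tom & "Jerry" said &quot;hi&quot; <script>alert(1)</script>';

const frame = sandboxedFrame(sampleComment);
console.log(frame);
console.log(unescapeSrcdoc(srcdocValue(frame)) === sampleComment);
```

No filtering of the untrusted markup takes place; the defence rests on correct attribute escaping and on the browser enforcing the sandbox.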
