W3C home > Mailing lists > Public > public-html@w3.org > January 2010

Re: <iframe doc="">

From: Kornel Lesinski <kornel@geekhood.net>
Date: Mon, 25 Jan 2010 22:47:29 -0000
To: "Julian Reschke" <julian.reschke@gmx.de>
Cc: "public-html@w3.org" <public-html@w3.org>
Message-ID: <op.u631lff1ptj49s@aimac.local>
On Mon, 25 Jan 2010 21:17:19 -0000, Julian Reschke <julian.reschke@gmx.de>  
wrote:

>>> Furthermore, the data: URI scheme allows you to specify the mime type,  
>>> so the HTML vs XHTML question is already answered.
>>  data: cannot be used (it's been explained before), but perhaps new URI  
>> scheme could be created instead (e.g. data+sandbox)? This would degrade  
>> safely in current browsers and we wouldn't have to create *-sandboxed  
>> variant of every MIME type.
>
> It has been explained that @src and data: can't be used as-is without  
> more work. I'm trying to find out what "more work" exactly means, and  
> whether it's feasible.

AFAIK "more work" means figuring out way to protect UAs that support  
data:, but not @sandbox.

It is feasible: e.g. a different MIME type (*-sandbox) could be used in  
data: URIs, but it wouldn't degrade as nicely as @srcdoc could:

<iframe src="data:text/plain,hello" sandbox srcdoc="<b>hello</b>"></iframe>

-- 
regards, Kornel Lesinski
Received on Monday, 25 January 2010 22:48:13 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:39:13 UTC