- From: Tab Atkins Jr. <jackalmage@gmail.com>
- Date: Mon, 25 Jan 2010 17:33:30 -0600
- To: Gavin Carothers <gavin@carothers.name>
- Cc: HTMLwg <public-html@w3.org>
On Mon, Jan 25, 2010 at 5:28 PM, Gavin Carothers <gavin@carothers.name> wrote: > On Mon, Jan 25, 2010 at 3:12 PM, Tab Atkins Jr. <jackalmage@gmail.com> wrote: > Now with @src: > > http://gavin.carothers.name/iframe-srcdoc/iframe-srcdoc-w-src.html > > Okay it is better, at least there content is there now. > >> >> The important thing, though, is to feature-test for @sandbox support, >> as that's the relevant part. In general, using <iframe>s for this >> sort of thing won't be feasible for a few years, until all relevant >> browsers support @sandbox. > > Errr... so I'm still missing the advantage to be me an > author/publisher. I still have to do all the work I'm doing today, and > it radically increases the number of requests to my server and more > then doubles the number of bytes I have to serve (until browsers > support srcdoc, then it's negligible). In the mean time I'll destroy > the searchability of the page, and slow down my users experience. All > in the name of > possible future security? We're going to need to do better selling > this feature if we want to keep it. Don't use it right now. The only reason to use <iframe>s and @srcdoc is to gain the benefits of @sandbox, and you can't depend on @sandbox yet. This won't be usable for a few years, until all the browsers you care about implement @sandbox. Then, once that happens, you can do the @src/@srcdoc trick. Browsers that implement @srcdoc will give the sandbox benefits without extra network requests, and ones that don't yet will give the sandbox benefits at the cost of extra network requests. Right now, though, there are zero benefits to trying to use it and plenty of penalties, as you noted. That's fine. It's just a young feature that needs implementations. ~TJ
Received on Monday, 25 January 2010 23:34:22 UTC