W3C home > Mailing lists > Public > public-html@w3.org > July 2010

WebKit feedback on ISSUE-100 (remove srcdoc)

From: Adam Barth <w3c@adambarth.com>
Date: Sat, 17 Jul 2010 15:37:43 -0700
Message-ID: <AANLkTinoOMgdi2U_lBAZ7qePvheAKU35Cf9aplE6O-ot@mail.gmail.com>
To: HTML WG <public-html@w3.org>
Cc: Sam Weinig <sam@webkit.org>
There seems to be some question as to the level of implementor
interest in iframe@srcdoc.  As with Mozilla, there's rarely a single
"WebKit position" because the WebKit project encompasses a large
number of folks with diverse interests, but I did talk the issue over
with Sam Weinig, one of the project's security experts.  Here's our
feedback:

1) @srcdoc seems useful, especially in conjunction with @seamless and
@sandbox.  As many of you know, we've already implemented @sandbox.
There's a lot of interested in implementing @seamless.  Having @srcdoc
completes many use cases.

2) Although iframe's are more expensive than DOM nodes today, we hope
to reduce their cost in the future.  Currently, iframes require
coordination between several abstraction layers whereas DOM nodes are
contained in one or two layers.  As part of WebKit2, we're reducing
the cost of iframes by removing the need to interact with the
platform's windowing toolkit.  The cheaper iframes are, the more
attractive @srcdoc is, both compared to network fetches and compared
to other solutions for isolating untrusted regions of the document.

3) As long as user agents don't implement @srcdoc before @sandbox,
authors can use @srcdoc as a way of providing content that's only
visible to @sandbox-aware user agents.  This is a bit of a "one-trick"
pony, but it's a nice trick.  Hopefully other user agent implements
will maintain this invariant.

4) One important advantage of @srcdoc relative to @src=data is that
the data passes through few transformations before being presented to
the parser.  In both cases, the content passes through
charset-decoding and HTML de-entification before going through the
iframe's parsing pipeline.  In the case of @src=data, the content also
goes through URL-unescaping, which adds complexity.  When accessed via
the DOM, @srcdoc provides a cleaner API than @src=data.  When accessed
via the DOM, @srcdoc (conceptually) delivers the characters directly
from JavaScript to the HTML parser, skipping the URL-unescaping
middleman.

5) The implementation burden for @srcdoc is very light.  We estimate
that an experienced WebKit engineer could implement the feature in
about a day.  Also, ongoing maintenance seems minimal.

Bottom line: @srcdoc seems useful (especially in conjunction with
@seamless and @sandbox) and we'll probably implement it.

Patches welcome: https://bugs.webkit.org/show_bug.cgi?id=42507

Adam
Received on Saturday, 17 July 2010 22:38:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:17:10 GMT