[Bug 13659] New: 4.8.2 srcdoc seems error prone from bugzilla@jessica.w3.org on 2011-08-04 (public-html@w3.org from August 2011)

From: <bugzilla@jessica.w3.org>
Date: Thu, 04 Aug 2011 02:28:17 +0000
To: public-html@w3.org
Message-ID: <bug-13659-2495@http.www.w3.org/Bugs/Public/>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=13659

           Summary: 4.8.2 srcdoc seems error prone
           Product: HTML WG
           Version: unspecified
          Platform: PC
        OS/Version: Windows NT
            Status: NEW
          Severity: normal
          Priority: P2
         Component: HTML5 spec (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: cyns@microsoft.com
         QAContact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-wg-issue-tracking@w3.org,
                    public-html@w3.org


"Notice the way that quotes have to be escaped (otherwise the sandbox attribute
would end prematurely), and the way raw ampersands (e.g. in URLs or in prose)
mentioned in the sandboxed content have to be doubly escaped � once so that the
ampersand is preserved when originally parsing the sandbox attribute, and once
more to prevent the ampersand from being misinterpreted when parsing the
sandboxed content."

It seems likely that injecting HTML as escaped (and DOUBLE escaped) strings
within an attribute will be difficult to get right, and will result in many
authoring errors.  What is the use case for this?

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Received on Thursday, 4 August 2011 02:28:22 UTC