On 28 January 2011 16:56, sird@rckc.at <sird@rckc.at> wrote: > Hi! > > The attribute "seamless" will do: > > 1. If you have b{color:blue} in the doc > 2. You have: > <iframe sandbox="allow-same-origin" seamless="seamless" > srcdoc="<b>xD</b>"></iframe> > 3. You get, a blue bold "xD". > So it puts HTML content inside an attribute! How would it handle entities? I mean if an attribute is rendering as HTML then does ' become '? Who thought putting HTML in attributes was a good idea? Does that mean stuff like <a href=javascript&#58;alert(1)>test</a> I like the idea of externally included sandboxed HTML but not inline.Received on Friday, 28 January 2011 17:16:44 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 28 January 2011 17:16:45 GMT