W3C home > Mailing lists > Public > public-web-security@w3.org > January 2011

Re: CSP XML Data with tokens

From: gaz Heyes <gazheyes@gmail.com>
Date: Mon, 31 Jan 2011 08:19:37 +0000
Message-ID: <AANLkTimmJZ=_Fs+9rAkF2r4Pc1DVJ1UcC2ob-YU=6xrX@mail.gmail.com>
To: "sird@rckc.at" <sird@rckc.at>
Cc: Michal Zalewski <lcamtuf@coredump.cx>, Giorgio Maone <g.maone@informaction.com>, Adam Barth <w3c@adambarth.com>, Devdatta Akhawe <dev.akhawe@gmail.com>, Brandon Sterne <bsterne@mozilla.com>, "public-web-security@w3.org" <public-web-security@w3.org>
Ok well so the daft thing with seamless iframes in HTML attributes, why not
use the node value? Since this isn't rendered on older browsers and you
don't need to use entities to render HTML.

<iframe>
<![CDATA[182kDJsw82


182kDJsw82]]>
</iframe>

Then it works in XML too, you'd just have to watch out for closing cdata and
iframe
Received on Monday, 31 January 2011 08:20:12 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 31 January 2011 08:20:15 GMT