W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2011

Re: innerHTML in DocumentFragment

From: Ojan Vafai <ojan@chromium.org>
Date: Mon, 7 Nov 2011 09:30:05 -0800
Message-ID: <CANMdWTsO-QuUw6RBv1VfE9Qwz2GFyHfHhcjSzmevk7eME9R2gQ@mail.gmail.com>
To: Ryan Seddon <seddon.ryan@gmail.com>
Cc: Yehuda Katz <wycats@gmail.com>, public-webapps WG <public-webapps@w3.org>
I don't really follow. Script won't execute until you append the fragment
to the DOM, at which point the fragment itself doesn't go in the DOM, just
it's children. So, I'm not really sure what sandboxing on fragments would
do.

On Fri, Nov 4, 2011 at 11:14 PM, Ryan Seddon <seddon.ryan@gmail.com> wrote:

> This would be a great addition, another thought would be the ability to
> sandbox the documentFragment. Much the same way you can sanitise
> responseText from an XHR using and iframe with the sandbox attribute being
> able to do this with fragments would be might handy.
>
Received on Monday, 7 November 2011 17:30:58 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:48 GMT