W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > August 2011

[Bug 13599] Remove srcdoc attribute on iframe

From: <bugzilla@jessica.w3.org>
Date: Wed, 03 Aug 2011 18:54:01 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1QogZt-0000Fu-8a@jessica.w3.org>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=13599

Jacob Rossi [MSFT] <jrossi@microsoft.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jrossi@microsoft.com

--- Comment #2 from Jacob Rossi [MSFT] <jrossi@microsoft.com> 2011-08-03 18:54:00 UTC ---
Despite the conversations on the lists, I still agree with Jirka that this
feature increases the attack surface area by requiring the markup to be
correctly escaped.  No browsers implement this yet, I'd like to see this
removed from the spec. I think the risk outweighs the functionality (for most
of which there are other simple ways to implement the functionality).

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Wednesday, 3 August 2011 18:54:02 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 16:31:16 UTC