[Bug 13599] Remove srcdoc attribute on iframe from bugzilla@jessica.w3.org on 2011-08-03 (public-html-bugzilla@w3.org from August 2011)

From: <bugzilla@jessica.w3.org>
Date: Wed, 03 Aug 2011 18:54:01 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1QogZt-0000Fu-8a@jessica.w3.org>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=13599

Jacob Rossi [MSFT] <jrossi@microsoft.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jrossi@microsoft.com

--- Comment #2 from Jacob Rossi [MSFT] <jrossi@microsoft.com> 2011-08-03 18:54:00 UTC ---
Despite the conversations on the lists, I still agree with Jirka that this
feature increases the attack surface area by requiring the markup to be
correctly escaped.  No browsers implement this yet, I'd like to see this
removed from the spec. I think the risk outweighs the functionality (for most
of which there are other simple ways to implement the functionality).

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Wednesday, 3 August 2011 18:54:02 UTC