- From: <bugzilla@jessica.w3.org>
- Date: Wed, 03 Aug 2011 19:18:28 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=13599 --- Comment #3 from Tab Atkins Jr. <jackalmage@gmail.com> 2011-08-03 19:18:27 UTC --- (In reply to comment #2) > Despite the conversations on the lists, I still agree with Jirka that this > feature increases the attack surface area by requiring the markup to be > correctly escaped. No browsers implement this yet, I'd like to see this > removed from the spec. I think the risk outweighs the functionality (for most > of which there are other simple ways to implement the functionality). Can you give an example of another way to safely embed third-party content in a page without incurring a network request per piece of content, and explain how it's easier or simpler to use than @srcdoc? I believe the on-list conversations were fairly exhaustive. -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.
Received on Wednesday, 3 August 2011 19:18:33 UTC