- From: Michael Smith via cvs-syncmail <cvsmail@w3.org>
- Date: Sat, 13 Feb 2010 12:46:57 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/spec-author-view In directory hutz:/tmp/cvs-serv31131 Modified Files: Overview.html spec.html the-iframe-element.html Log Message: Add an example of escaped ampersands in URLs in sandbox=''. (whatwg r4704) [updated by splitter] Index: the-iframe-element.html =================================================================== RCS file: /sources/public/html5/spec-author-view/the-iframe-element.html,v retrieving revision 1.21 retrieving revision 1.22 diff -u -d -r1.21 -r1.22 --- the-iframe-element.html 6 Feb 2010 10:57:03 -0000 1.21 +++ the-iframe-element.html 13 Feb 2010 12:46:55 -0000 1.22 @@ -384,7 +384,7 @@ </article> <article> <footer> At <time pubdate>2009-08-21T23:44Z</time>, <a href="/users/cap">cap</a> writes: </footer> - <iframe seamless sandbox="allow-same-origin" srcdoc="<p>Yeah, you can see it <a href=&quot;/gallery/cover/1&quot;>in my gallery</a>."></iframe> + <iframe seamless sandbox="allow-same-origin" srcdoc="<p>Yeah, you can see it <a href=&quot;/gallery?mode=cover&amp;amp;page=1&quot;>in my gallery</a>."></iframe> </article> <article> <footer> At <time pubdate>2009-08-21T23:58Z</time>, <a href="/users/ch">ch</a> writes: </footer> @@ -392,6 +392,15 @@ <p>you should get earl&amp;amp;me on the next cover."></iframe> </article></pre> + <p>Notice the way that quotes have to be escaped (otherwise the + <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> attribute would + end prematurely), and the way raw ampersands (e.g. in URLs or in + prose) mentioned in the sandboxed content have to be + <em>doubly</em> escaped — once so that the ampersand is + preserved when originally parsing the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> attribute, and once more + to prevent the ampersand from being misinterpreted when parsing the + sandboxed content.</p> + </div><p class="note">In <a href="syntax.html#syntax">the HTML syntax</a>, authors need only remember to use U+0022 QUOTATION MARK characters (") to wrap the attribute contents and then to escape all U+0022 QUOTATION MARK (") Index: Overview.html =================================================================== RCS file: /sources/public/html5/spec-author-view/Overview.html,v retrieving revision 1.667 retrieving revision 1.668 diff -u -d -r1.667 -r1.668 --- Overview.html 13 Feb 2010 12:36:59 -0000 1.667 +++ Overview.html 13 Feb 2010 12:46:53 -0000 1.668 @@ -302,7 +302,7 @@ </dl><p>This specification is available in the following formats: <a href="spec.html">single page HTML</a>, <a href="Overview.html">multipage HTML</a>. -This is revision 1.3754. +This is revision 1.3755. </p> <p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 2009 <a href="http://www.w3.org/"><abbr title="World Wide Index: spec.html =================================================================== RCS file: /sources/public/html5/spec-author-view/spec.html,v retrieving revision 1.672 retrieving revision 1.673 diff -u -d -r1.672 -r1.673 --- spec.html 13 Feb 2010 12:36:59 -0000 1.672 +++ spec.html 13 Feb 2010 12:46:54 -0000 1.673 @@ -300,7 +300,7 @@ </dl><p>This specification is available in the following formats: <a href=spec.html>single page HTML</a>, <a href=Overview.html>multipage HTML</a>. -This is revision 1.3754. +This is revision 1.3755. </p> <p class=copyright><a href=http://www.w3.org/Consortium/Legal/ipr-notice#Copyright>Copyright</a> © 2009 <a href=http://www.w3.org/><abbr title="World Wide @@ -9818,7 +9818,7 @@ </article> <article> <footer> At <time pubdate>2009-08-21T23:44Z</time>, <a href="/users/cap">cap</a> writes: </footer> - <iframe seamless sandbox="allow-same-origin" srcdoc="<p>Yeah, you can see it <a href=&quot;/gallery/cover/1&quot;>in my gallery</a>."></iframe> + <iframe seamless sandbox="allow-same-origin" srcdoc="<p>Yeah, you can see it <a href=&quot;/gallery?mode=cover&amp;amp;page=1&quot;>in my gallery</a>."></iframe> </article> <article> <footer> At <time pubdate>2009-08-21T23:58Z</time>, <a href="/users/ch">ch</a> writes: </footer> @@ -9826,6 +9826,15 @@ <p>you should get earl&amp;amp;me on the next cover."></iframe> </article></pre> + <p>Notice the way that quotes have to be escaped (otherwise the + <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute would + end prematurely), and the way raw ampersands (e.g. in URLs or in + prose) mentioned in the sandboxed content have to be + <em>doubly</em> escaped — once so that the ampersand is + preserved when originally parsing the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute, and once more + to prevent the ampersand from being misinterpreted when parsing the + sandboxed content.</p> + </div><p class=note>In <a href=#syntax>the HTML syntax</a>, authors need only remember to use U+0022 QUOTATION MARK characters (") to wrap the attribute contents and then to escape all U+0022 QUOTATION MARK (")
Received on Saturday, 13 February 2010 12:46:59 UTC