- From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
- Date: Sun, 24 Jan 2010 06:45:35 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/spec
In directory hutz:/tmp/cvs-serv17095
Modified Files:
Overview.html
Log Message:
Add an example of srcdoc='' and some usage notes. (whatwg r4623)
Index: Overview.html
===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.3683
retrieving revision 1.3684
diff -u -d -r1.3683 -r1.3684
--- Overview.html 24 Jan 2010 02:57:04 -0000 1.3683
+++ Overview.html 24 Jan 2010 06:45:32 -0000 1.3684
@@ -16870,9 +16870,43 @@
<code><a href="#windowproxy">WindowProxy</a></code> object will proxy new <code><a href="#window">Window</a></code>
objects for new <code>Document</code> objects, but the <code title="attr-iframe-src"><a href="#attr-iframe-src">src</a></code> attribute will not change.<div class="example">
- <p class="XXX">example for srcdoc here</p>
+ <p>Here a blog uses the <code title="attr-iframe-srcdoc"><a href="#attr-iframe-srcdoc">srcdoc</a></code> attribute in conjunction
+ with the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> and <code title="attr-iframe-seamless"><a href="#attr-iframe-seamless">seamless</a></code> attributes described
+ below to provide users of user agents that support this feature
+ with an extra layer of protection from script injection in the blog
+ post comments:</p>
- </div><hr><p>The <dfn id="attr-iframe-name" title="attr-iframe-name"><code>name</code></dfn>
+ <pre><article>
+ <h1>I got my own magazine!</h1>
+ <p>After much effort, I've finally found a publisher, and so now I
+ have my own magazine! Isn't that awesome?! The first issue will come
+ out in September, and we have articles about getting food, and about
+ getting in boxes, it's going to be great!</p>
+ <footer>
+ <p>Written by <a href="/users/cap">cap</a>.
+ <time pubdate>2009-08-21T23:32Z</time></p>
+ </footer>
+ <article>
+ <footer> At <time pubdate>2009-08-21T23:35Z</time>, <a href="/users/ch">ch</a> writes: </footer>
+ <iframe seamless sandbox="allow-same-origin" srcdoc="<p>did you get a cover picture yet?"></iframe>
+ </article>
+ <article>
+ <footer> At <time pubdate>2009-08-21T23:44Z</time>, <a href="/users/cap">cap</a> writes: </footer>
+ <iframe seamless sandbox="allow-same-origin" srcdoc="<p>Yeah, you can see it <a href=&quot;/gallery/cover/1&quot;>in my gallery</a>."></iframe>
+ </article>
+ <article>
+ <footer> At <time pubdate>2009-08-21T23:58Z</time>, <a href="/users/ch">ch</a> writes: </footer>
+ <iframe seamless sandbox="allow-same-origin" srcdoc="<p>hey that's earl's table.
+<p>you should get earl&amp;me on the next cover."></iframe>
+ </article></pre>
+
+ </div><p class="note">In <a href="#syntax">the HTML syntax</a>, authors need only
+ remember to use U+0022 QUOTATION MARK characters (") to wrap the
+ attribute contents and then to quote all U+0022 QUOTATION MARK (")
+ and U+0026 AMPERSAND (&) characters, and to specify the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> attribute, to ensure safe
+ embedding of content.<p class="note">Due to restrictions of <span>the XML syntax</span>,
+ in XML a number of other characters need to be escaped also to
+ ensure correctness.<hr><p>The <dfn id="attr-iframe-name" title="attr-iframe-name"><code>name</code></dfn>
attribute, if present, must be a <a href="#valid-browsing-context-name">valid browsing context
name</a>. The given value is used to name the <a href="#nested-browsing-context">nested
browsing context</a>. <span class="impl">When the browsing
Received on Sunday, 24 January 2010 06:45:37 UTC