- From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
- Date: Sun, 24 Jan 2010 06:45:35 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/spec In directory hutz:/tmp/cvs-serv17095 Modified Files: Overview.html Log Message: Add an example of srcdoc='' and some usage notes. (whatwg r4623) Index: Overview.html =================================================================== RCS file: /sources/public/html5/spec/Overview.html,v retrieving revision 1.3683 retrieving revision 1.3684 diff -u -d -r1.3683 -r1.3684 --- Overview.html 24 Jan 2010 02:57:04 -0000 1.3683 +++ Overview.html 24 Jan 2010 06:45:32 -0000 1.3684 @@ -16870,9 +16870,43 @@ <code><a href="#windowproxy">WindowProxy</a></code> object will proxy new <code><a href="#window">Window</a></code> objects for new <code>Document</code> objects, but the <code title="attr-iframe-src"><a href="#attr-iframe-src">src</a></code> attribute will not change.<div class="example"> - <p class="XXX">example for srcdoc here</p> + <p>Here a blog uses the <code title="attr-iframe-srcdoc"><a href="#attr-iframe-srcdoc">srcdoc</a></code> attribute in conjunction + with the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> and <code title="attr-iframe-seamless"><a href="#attr-iframe-seamless">seamless</a></code> attributes described + below to provide users of user agents that support this feature + with an extra layer of protection from script injection in the blog + post comments:</p> - </div><hr><p>The <dfn id="attr-iframe-name" title="attr-iframe-name"><code>name</code></dfn> + <pre><article> + <h1>I got my own magazine!</h1> + <p>After much effort, I've finally found a publisher, and so now I + have my own magazine! Isn't that awesome?! The first issue will come + out in September, and we have articles about getting food, and about + getting in boxes, it's going to be great!</p> + <footer> + <p>Written by <a href="/users/cap">cap</a>. + <time pubdate>2009-08-21T23:32Z</time></p> + </footer> + <article> + <footer> At <time pubdate>2009-08-21T23:35Z</time>, <a href="/users/ch">ch</a> writes: </footer> + <iframe seamless sandbox="allow-same-origin" srcdoc="<p>did you get a cover picture yet?"></iframe> + </article> + <article> + <footer> At <time pubdate>2009-08-21T23:44Z</time>, <a href="/users/cap">cap</a> writes: </footer> + <iframe seamless sandbox="allow-same-origin" srcdoc="<p>Yeah, you can see it <a href=&quot;/gallery/cover/1&quot;>in my gallery</a>."></iframe> + </article> + <article> + <footer> At <time pubdate>2009-08-21T23:58Z</time>, <a href="/users/ch">ch</a> writes: </footer> + <iframe seamless sandbox="allow-same-origin" srcdoc="<p>hey that's earl's table. +<p>you should get earl&amp;me on the next cover."></iframe> + </article></pre> + + </div><p class="note">In <a href="#syntax">the HTML syntax</a>, authors need only + remember to use U+0022 QUOTATION MARK characters (") to wrap the + attribute contents and then to quote all U+0022 QUOTATION MARK (") + and U+0026 AMPERSAND (&) characters, and to specify the <code title="attr-iframe-sandbox"><a href="#attr-iframe-sandbox">sandbox</a></code> attribute, to ensure safe + embedding of content.<p class="note">Due to restrictions of <span>the XML syntax</span>, + in XML a number of other characters need to be escaped also to + ensure correctness.<hr><p>The <dfn id="attr-iframe-name" title="attr-iframe-name"><code>name</code></dfn> attribute, if present, must be a <a href="#valid-browsing-context-name">valid browsing context name</a>. The given value is used to name the <a href="#nested-browsing-context">nested browsing context</a>. <span class="impl">When the browsing
Received on Sunday, 24 January 2010 06:45:37 UTC