W3C home > Mailing lists > Public > public-html-wg-issue-tracking@w3.org > February 2010

ISSUE-100 (srcdoc): Remove the srcdoc attribute from the HTML5 specification [HTML 5 spec]

From: HTML Weekly Issue Tracker <sysbot+tracker@w3.org>
Date: Sun, 14 Feb 2010 04:40:45 +0000 (GMT)
To: public-html-wg-issue-tracking@w3.org
Message-Id: <20100214044045.6BAA84DD6C@crusher.w3.org>

ISSUE-100 (srcdoc): Remove the srcdoc attribute from the HTML5 specification [HTML 5 spec]

http://www.w3.org/html/wg/tracker/issues/100

Raised by: Shelley Powers
On product: HTML 5 spec

The HTML5 editor has marked Bug 8818 as WONTFIX. 

The srcdoc attribute does not have universal acceptance, and the group was still
discussing it when the editor added it to the specification, without group consensus.

The supposed use case for this attribute is weblog comments, but concerns about
HTML security have been resolved with weblog and other application comments
years ago. In addition, support for this attribute could give the impression
that online sites don't need any other security, which is false. Script
injection is only one aspect of security related to weblog comments, and
considered a fairly trivial one at that.

Remove srcdoc from the HTML5 specification.
Received on Sunday, 14 February 2010 04:40:46 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:48:29 UTC