- From: Kornel <kornel@geekhood.net>
- Date: Mon, 15 Feb 2010 12:34:09 +0000
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: public-html@w3.org
On 14 Feb 2010, at 15:54, Julian Reschke wrote: >>> My rationale for inclusion/keeping srcdoc in the spec: >>> >>> * It's easier to use. Compared to sandbox without src, srcdoc requires less changes to server-side applications that generate markup. Applications can continue to generate entire page as a single response rather than having to split page into many separate documents. >> That can't be compensated with a data URI. > > s/can't/can/ of course. Yes, indeed. data: URI with special-purpose MIME type might work as well. However, for this to be safe, I think @sandbox must forbid use of text/html MIME type, in order to force authors to use text/html-sandboxed instead. Otherwise authors could use "data:text/html," that may be insecure in older browsers. http://www.w3.org/Bugs/Public/show_bug.cgi?id=9002 -- regards, Kornel LesiĆski
Received on Monday, 15 February 2010 12:34:50 UTC