Re: BUG 8818 - lack of rationale

On 14 Feb 2010, at 15:54, Julian Reschke wrote:

>>> My rationale for inclusion/keeping srcdoc in the spec:
>>> 
>>> * It's easier to use. Compared to sandbox without src, srcdoc requires fewer changes to server-side applications that generate markup. Applications can continue to generate the entire page as a single response rather than having to split the page into many separate documents.
>> That can't be compensated with a data URI.
> 
> s/can't/can/ of course.


Yes, indeed. A data: URI with a special-purpose MIME type might work as well.

However, for this to be safe, I think @sandbox must forbid use of the text/html MIME type, in order to force authors to use text/html-sandboxed instead. Otherwise authors could use "data:text/html,", which may be insecure in older browsers.

http://www.w3.org/Bugs/Public/show_bug.cgi?id=9002

-- 
regards, Kornel Lesiński

Received on Monday, 15 February 2010 12:34:50 UTC