Re: <iframe doc="">

On 1/16/10 8:54 PM, Michael A. Puls II wrote:
> <!DOCTYPE html>
> <html>
> <head>
> <meta charset="utf-8">
> <title></title>
> </head>
> <body>
> <iframe doc='<!DOCTYPE html>
> <html>
> <head>
> <meta charset="utf-8">
> <title>test</title>
> </head>
> <body>
> <p>test</p>
> </body>
> </html>'></iframe>
> </body>
> </html>

Try this in a Gecko-based browser:

<!DOCTYPE html>
<html>
     <head>
         <meta charset="utf-8">
         <title></title>
     </head>
     <body>
         <iframe src='data:text/html,<!DOCTYPE html>
<html>
     <head>
         <meta charset="utf-8">
         <title>test</title>
     </head>
     <body>
         <p>test</p>
     </body>
</html>'></iframe>
     </body>
</html>

Yes, that's technically not a valid data: URI.  Perhaps it's worth just 
making it valid?

> @doc is way more readable (the @ value at least), easier to author by
> hand, and tends to use less bytes than data URIs (although that might
> depend on how much you have to use entities so the markup doesn't break
> out of the attribute).

The data: URI as used above will of course always use a few more bytes 
for the "data:text/html," part...

> But, as far as security, I don't remember what @doc has over
> @src="data:". I think it was mentioned though and had something to do
> with origin problems with src="data:".

Specifically that some current UAs put src="data:" in the origin of the 
parent page?

-Boris

Received on Sunday, 17 January 2010 02:55:13 UTC