- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Sat, 16 Jan 2010 21:54:33 -0500
- To: "Michael A. Puls II" <shadow2531@gmail.com>
- CC: public-html WG <public-html@w3.org>
On 1/16/10 8:54 PM, Michael A. Puls II wrote:
> <!DOCTYPE html>
> <html>
> <head>
> <meta charset="utf-8">
> <title></title>
> </head>
> <body>
> <iframe doc='<!DOCTYPE html>
> <html>
> <head>
> <meta charset="utf-8">
> <title>test</title>
> </head>
> <body>
> <p>test</p>
> </body>
> </html>'></iframe>
> </body>
> </html>
Try this in a Gecko-based browser:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title></title>
</head>
<body>
<iframe src='data:text/html,<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>test</title>
</head>
<body>
<p>test</p>
</body>
</html>'></iframe>
</body>
</html>
Yes, that's technically not a valid data: URI. Perhaps it's worth just
making it valid?
> @doc is way more readable (the @ value at least), easier to author by
> hand, and tends to use less bytes than data URIs (although that might
> depend on how much you have to use entities so the markup doesn't break
> out of the attribute).
The data: URI as used above will of course always use a few more bytes
for the "data:text/html," part...
> But, as far as security, I don't remember what @doc has over
> @src="data:". I think it was mentioned though and had something to do
> with origin problems with src="data:".
Specifically that some current UAs put src="data:" in the origin of the
parent page?
-Boris
Received on Sunday, 17 January 2010 02:55:13 UTC