Re: <iframe doc="">

Ian Hickson wrote:
>   - data: attributes require more escaping
>   - the definition of 'origin' for data: attributes isn't fully stable
>   - using data: has the wrong fallback story (it fails open, instead of
>     closed)

While this doesn't address the first two points, the fallback story can 
be somewhat improved by using text/html-sandboxed:

<iframe src="data:text/html-sandboxed,<!DOCTYPE html><p>test"></iframe>

The fallback for this is then the same as for using text/html-sandboxed 
over HTTP, which admittedly has its own set of problems in current browsers.

Lachlan Hunt - Opera Software

Received on Sunday, 17 January 2010 17:56:09 UTC