- From: Adam Barth <w3c@adambarth.com>
- Date: Sun, 17 Jan 2010 10:18:12 -0800
- To: Lachlan Hunt <lachlan.hunt@lachy.id.au>
- Cc: Ian Hickson <ian@hixie.ch>, public-html@w3.org
One advantage of @doc over @src=data is that setting @doc via the DOM
is pretty idiot-proof:
window.addEventListener("message", function (evt) {
var ifr = makeMeAnIframe();
ifr.sandbox = "allow-scripts";
ifr.doc = evt.data;
}, false);
Adam
On Sun, Jan 17, 2010 at 9:55 AM, Lachlan Hunt <lachlan.hunt@lachy.id.au> wrote:
> Ian Hickson wrote:
>>
>> - data: attributes require more escaping
>> - the definition of 'origin' for data: attributes isn't fully stable
>> - using data: has the wrong fallback story (it fails open, instead of
>> closed)
>
> While this doesn't address the first two points, the fallback story can be
> somewhat improved by using text/html-sandboxed:
>
> <iframe src="data:text/html-sandboxed,<!DOCTYPE html><p>test"></iframe>
>
> The fallback for this is then the same as for using text/html-sandboxed over
> HTTP, which admittedly has its own set of problems in current browsers.
>
> --
> Lachlan Hunt - Opera Software
> http://lachy.id.au/
> http://www.opera.com/
>
>
Received on Sunday, 17 January 2010 18:19:06 UTC