Re: <iframe doc="">

Tab Atkins Jr. wrote:
> ...
> If I had to write it by hand, of course I wouldn't be happy.  That's
> not what it's for.  If I'm writing it by hand I can skip the <iframes>
> entirely, because I know what I'm writing and thus don't need to
> protect myself against myself.  This sort of stuff is meant to be
> generated by code, like this:
> ...

Indeed.

And that code could also produce properly escaped data URIs.

Can we please try harder to avoid introducing another attribute, and fix 
the problem we have with data URIs instead?

Best regards, Julian

Received on Sunday, 24 January 2010 20:07:06 UTC