- From: Tab Atkins Jr. <jackalmage@gmail.com>
- Date: Mon, 25 Jan 2010 12:10:36 -0600
- To: Aryeh Gregor <Simetrical+w3c@gmail.com>
- Cc: Maciej Stachowiak <mjs@apple.com>, Lars Gunther <gunther@keryx.se>, "public-html@w3.org WG" <public-html@w3.org>
On Mon, Jan 25, 2010 at 12:02 PM, Aryeh Gregor <Simetrical+w3c@gmail.com> wrote: > On reflection, I'm not at all sure that anyone much would use srcdoc > in a serious app -- it's probably too rigid. It could be useful for > quick hack-ups, but I don't know if those are worth it. Who would > actually use srcdoc? I'd certainly use it as a fairly secure defense against scripting attacks. Just a plain @sandbox with nothing allowed will defend my users more securely than anything a regexp-based filter can promise. ~TJ
Received on Monday, 25 January 2010 18:11:23 UTC