Re: <iframe doc="">

On Mon, Jan 25, 2010 at 12:02 PM, Aryeh Gregor <> wrote:
> On reflection, I'm not at all sure that anyone much would use srcdoc
> in a serious app -- it's probably too rigid.  It could be useful for
> quick hack-ups, but I don't know if those are worth it.  Who would
> actually use srcdoc?

I'd certainly use it as a fairly secure defense against scripting
attacks.  Just a plain @sandbox with nothing allowed will defend my
users more securely than anything a regexp-based filter can promise.


Received on Monday, 25 January 2010 18:11:23 UTC