Re: <iframe doc="">

On Mon, 25 Jan 2010 21:17:19 -0000, Julian Reschke <>  

>>> Furthermore, the data: URI scheme allows you to specify the mime type,  
>>> so the HTML vs XHTML question is already answered.
>>  data: cannot be used (it's been explained before), but perhaps new URI  
>> scheme could be created instead (e.g. data+sandbox)? This would degrade  
>> safely in current browsers and we wouldn't have to create *-sandboxed  
>> variant of every MIME type.
> It has been explained that @src and data: can't be used as-is without  
> more work. I'm trying to find out what "more work" exactly means, and  
> whether it's feasible.

AFAIK "more work" means figuring out way to protect UAs that support  
data:, but not @sandbox.

It is feasible: e.g. a different MIME type (*-sandbox) could be used in  
data: URIs, but it wouldn't degrade as nicely as @srcdoc could:

<iframe src="data:text/plain,hello" sandbox srcdoc="<b>hello</b>"></iframe>

regards, Kornel Lesinski

Received on Monday, 25 January 2010 22:48:13 UTC