On Mon, 25 Jan 2010 21:17:19 -0000, Julian Reschke <julian.reschke@gmx.de> wrote: >>> Furthermore, the data: URI scheme allows you to specify the mime type, >>> so the HTML vs XHTML question is already answered. >> data: cannot be used (it's been explained before), but perhaps new URI >> scheme could be created instead (e.g. data+sandbox)? This would degrade >> safely in current browsers and we wouldn't have to create *-sandboxed >> variant of every MIME type. > > It has been explained that @src and data: can't be used as-is without > more work. I'm trying to find out what "more work" exactly means, and > whether it's feasible. AFAIK "more work" means figuring out way to protect UAs that support data:, but not @sandbox. It is feasible: e.g. a different MIME type (*-sandbox) could be used in data: URIs, but it wouldn't degrade as nicely as @srcdoc could: <iframe src="data:text/plain,hello" sandbox srcdoc="<b>hello</b>"></iframe> -- regards, Kornel LesinskiReceived on Monday, 25 January 2010 22:48:13 UTC
This archive was generated by hypermail 2.4.0 : Saturday, 9 October 2021 18:45:08 UTC