- From: Kornel Lesinski <kornel@geekhood.net>
- Date: Mon, 25 Jan 2010 22:47:29 -0000
- To: "Julian Reschke" <julian.reschke@gmx.de>
- Cc: "public-html@w3.org" <public-html@w3.org>
On Mon, 25 Jan 2010 21:17:19 -0000, Julian Reschke <julian.reschke@gmx.de> wrote: >>> Furthermore, the data: URI scheme allows you to specify the mime type, >>> so the HTML vs XHTML question is already answered. >> data: cannot be used (it's been explained before), but perhaps new URI >> scheme could be created instead (e.g. data+sandbox)? This would degrade >> safely in current browsers and we wouldn't have to create *-sandboxed >> variant of every MIME type. > > It has been explained that @src and data: can't be used as-is without > more work. I'm trying to find out what "more work" exactly means, and > whether it's feasible. AFAIK "more work" means figuring out way to protect UAs that support data:, but not @sandbox. It is feasible: e.g. a different MIME type (*-sandbox) could be used in data: URIs, but it wouldn't degrade as nicely as @srcdoc could: <iframe src="data:text/plain,hello" sandbox srcdoc="<b>hello</b>"></iframe> -- regards, Kornel Lesinski
Received on Monday, 25 January 2010 22:48:13 UTC