- From: <bugzilla@jessica.w3.org>
- Date: Wed, 03 Aug 2011 08:37:25 +0000
- To: public-html@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=13599 Summary: Remove srcdoc attribute on iframe Product: HTML WG Version: unspecified Platform: PC OS/Version: Windows NT Status: NEW Severity: normal Priority: P2 Component: HTML5 spec (editor: Ian Hickson) AssignedTo: ian@hixie.ch ReportedBy: jirka@kosek.cz QAContact: public-html-bugzilla@w3.org CC: mike@w3.org, public-html-wg-issue-tracking@w3.org, public-html@w3.org Although srcdoc might be seen as a security improvement, it actually isn't. It adds another layer of escaping markup which can lead to errors. Especially in situations where srcdoc document will contain anorher iframe with src. If there is need for srcdoc functionality, then such functionality should be based on element not on attribute where escaping of markup is necessary. -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
Received on Wednesday, 3 August 2011 08:37:26 UTC