Re: A perfect DOM sandbox

On 2/15/11 5:06 AM, gaz Heyes wrote:
> I think you might be confused with sdc's naming conventions, "src"
> actually refers to the source code supplied not the url of the iframe.

And one more thing.  If you just want to have your HTML parsed in a 
context in which scripts won't execute, you can simply createDocument a 
document via the DOMImplementation and then set innerHTML in there...

As you point out in your later mail, none of this helps if you want to 
import those nodes into another document and then show them to the user, 
since at that point event handler attributes will start working.


Received on Tuesday, 15 February 2011 16:45:18 UTC