Re: innerHTML in DocumentFragment from Ojan Vafai on 2011-11-07 (public-webapps@w3.org from October to December 2011)

From: Ojan Vafai <ojan@chromium.org>
Date: Mon, 7 Nov 2011 09:30:05 -0800
To: Ryan Seddon <seddon.ryan@gmail.com>
Cc: Yehuda Katz <wycats@gmail.com>, public-webapps WG <public-webapps@w3.org>
Message-ID: <CANMdWTsO-QuUw6RBv1VfE9Qwz2GFyHfHhcjSzmevk7eME9R2gQ@mail.gmail.com>

I don't really follow. Script won't execute until you append the fragment
to the DOM, at which point the fragment itself doesn't go in the DOM, just
it's children. So, I'm not really sure what sandboxing on fragments would
do.

On Fri, Nov 4, 2011 at 11:14 PM, Ryan Seddon <seddon.ryan@gmail.com> wrote:

> This would be a great addition, another thought would be the ability to
> sandbox the documentFragment. Much the same way you can sanitise
> responseText from an XHR using and iframe with the sandbox attribute being
> able to do this with fragments would be might handy.
>

Received on Monday, 7 November 2011 17:30:58 UTC