- From: Tab Atkins Jr. <jackalmage@gmail.com>
- Date: Tue, 31 Aug 2010 15:39:08 -0700

2010/8/31 Kornel Lesiński <kornel at geekhood.net>:
> On Mon, 30 Aug 2010 23:13:04 +0100, Justin Schuh <jschuh at chromium.org>
> wrote:
>>> At least as currently drafted, srcdoc is not a security feature. It's a
>>> convenience feature. It is also designed to work well in tandem with a
>>> particular security feature (sandbox). But by itself, it is not a security
>>> feature.
>>
>> Data URLs already provide this.
>
> What about existing UAs that implement data: URIs, but not sandbox?

What about them? (Remember, the context of the "use data urls" suggestion was to solve the minority use-case of wanting to fill an <iframe> without a network request, without triggering sandboxing.)

~TJ

Received on Tuesday, 31 August 2010 15:39:08 UTC