W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2010

[whatwg] idea about html code security anti xss

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 16 Jun 2010 11:30:45 +0200
Message-ID: <op.vedzdjd364w2qv@annevk-t60>
On Wed, 16 Jun 2010 03:19:59 +0200, gabmeyer at westweb.at  
<gabmeyer at westweb.at> wrote:
> Please let me know what you think about this idea.

We considered something like this before, but it was thought to be too  
complicated and not backwards compatible enough. In the current draft you  
will find <iframe srcdoc=...></iframe> which does what you propose with  
the relatively small change that the sandboxed code is inside an attribute  
rather than an element. For fallback the src attribute can be used.

Anne van Kesteren
Received on Wednesday, 16 June 2010 02:30:45 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:24 UTC