W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2010

[whatwg] srcdoc="" feedback

From: Ian Hickson <ian@hixie.ch>
Date: Mon, 15 Nov 2010 22:16:48 +0000 (UTC)
Message-ID: <Pine.LNX.4.64.1011152204130.11018@ps20323.dreamhostps.com>
On Mon, 15 Nov 2010, Tab Atkins Jr. wrote:
>
> I'm not sure why making this case marginally more convenient is 
> important.  If you're going to be pointing the frame to real pages 
> anyway, why is it a burden to supply an initial page?

It's a latency round-trip perf improvement on page load time.


> @srcdoc wasn't designed to support author-authored (hah!) pages; if 
> that's a use-case we were aiming for we would have let <iframe> display 
> its contents when there's no @src, or similar.

That would break existing pages and would not be as safe in the sandboxing 
case as srcdoc="". Providing both syntaxes seems excessive, and would 
likely result in people using the wrong one when they need security.


> Markup in attributes is a definite antipattern that we're violating in 
> this particular case only because it's the simplest thing for authors, 
> and thus the most likely to be done right.

I don't really agree that it's an antipattern. There are certainly 
situations where it's a bad idea to put markup in a string context, but 
that's primarily because it can't be syntax checked (e.g. DTDs can't check 
markup in an attribute; innerHTML is bad because there's no good way to 
syntax-check the contents of a string constant in JS; etc). If you can get 
it to be syntax-checked (as we have with srcdoc='', and as E4X does for 
XML constants in JS) then I don't really see a problem.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 15 November 2010 14:16:48 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:28 UTC