[whatwg] idea about html code security anti xss

Anne van Kesteren annevk at opera.com
Wed Jun 16 02:30:45 PDT 2010

On Wed, 16 Jun 2010 03:19:59 +0200, gabmeyer at westweb.at  
<gabmeyer at westweb.at> wrote:
> Please let me know what you think about this idea.

We considered something like this before, but it was thought to be too  
complicated and not backwards compatible enough. In the current draft you  
will find <iframe srcdoc=...></iframe> which does what you propose with  
the relatively small change that the sandboxed code is inside an attribute  
rather than an element. For fallback the src attribute can be used.

Anne van Kesteren

More information about the whatwg mailing list