[whatwg] idea about html code security anti xss
Anne van Kesteren
annevk at opera.com
Wed Jun 16 02:30:45 PDT 2010
On Wed, 16 Jun 2010 03:19:59 +0200, gabmeyer at westweb.at
<gabmeyer at westweb.at> wrote:
> Please let me know what you think about this idea.
We considered something like this before, but it was thought to be too
complicated and not backwards compatible enough. In the current draft you
will find <iframe srcdoc=...></iframe> which does what you propose with
the relatively small change that the sandboxed code is inside an attribute
rather than an element. For fallback the src attribute can be used.
--
Anne van Kesteren
http://annevankesteren.nl/
More information about the whatwg
mailing list