[whatwg] srcdoc="" feedback
ian at hixie.ch
Mon Nov 15 14:16:48 PST 2010
On Mon, 15 Nov 2010, Tab Atkins Jr. wrote:
> I'm not sure why making this case marginally more convenient is
> important. If you're going to be pointing the frame to real pages
> anyway, why is it a burden to supply an initial page?
It's a latency round-trip perf improvement on page load time.
> @srcdoc wasn't designed to support author-authored (hah!) pages; if
> that's a use-case we were aiming for we would have let <iframe> display
> its contents when there's no @src, or similar.
That would break existing pages and would not be as safe in the sandboxing
case as srcdoc="". Providing both syntaxes seems excessive, and would
likely result in people using the wrong one when they need security.
> Markup in attributes is a definite antipattern that we're violating in
> this particular case only because it's the simplest thing for authors,
> and thus the most likely to be done right.
I don't really agree that it's an antipattern. There are certainly
situations where it's a bad idea to put markup in a string context, but
that's primarily because it can't be syntax checked (e.g. DTDs can't check
markup in an attribute; innerHTML is bad because there's no good way to
syntax-check the contents of a string constant in JS; etc). If you can get
it to be syntax-checked (as we have with srcdoc='', and as E4X does for
XML constants in JS) then I don't really see a problem.
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg