HTML Standard Tracker

SVN | Bug | Comment | Time (UTC)
4623 | | Add an example of srcdoc='' and some usage notes. | 2010-01-24 06:45
Index: source
--- source	(revision 4622)
+++ source	(revision 4623)
@@ -20949,10 +20949,51 @@
   <div class="example">
-   <p class="XXX">example for srcdoc here</p>
+   <p>Here a blog uses the <code
+   title="attr-iframe-srcdoc">srcdoc</code> attribute in conjunction
+   with the <code title="attr-iframe-sandbox">sandbox</code> and <code
+   title="attr-iframe-seamless">seamless</code> attributes described
+   below to provide users of user agents that support this feature
+   with an extra layer of protection from script injection in the blog
+   post comments:</p>
+   <pre>&lt;article>
+ &lt;h1>I got my own magazine!&lt;/h1>
+ &lt;p>After much effort, I've finally found a publisher, and so now I
+ have my own magazine! Isn't that awesome?! The first issue will come
+ out in September, and we have articles about getting food, and about
+ getting in boxes, it's going to be great!&lt;/p>
+ &lt;footer>
+  &lt;p>Written by &lt;a href="/users/cap">cap&lt;/a>.
+  &lt;time pubdate>2009-08-21T23:32Z&lt;/time>&lt;/p>
+ &lt;/footer>
+ &lt;article>
+  &lt;footer> At &lt;time pubdate>2009-08-21T23:35Z&lt;/time>, &lt;a href="/users/ch">ch&lt;/a> writes: &lt;/footer>
+  &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p>did you get a cover picture yet?">&lt;/iframe>
+ &lt;/article>
+ &lt;article>
+  &lt;footer> At &lt;time pubdate>2009-08-21T23:44Z&lt;/time>, &lt;a href="/users/cap">cap&lt;/a> writes: &lt;/footer>
+  &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p>Yeah, you can see it &lt;a href=&amp;quot;/gallery/cover/1&amp;quot;>in my gallery&lt;/a>.">&lt;/iframe>
+ &lt;/article>
+ &lt;article>
+  &lt;footer> At &lt;time pubdate>2009-08-21T23:58Z&lt;/time>, &lt;a href="/users/ch">ch&lt;/a> writes: &lt;/footer>
+  &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p>hey that's earl's table.
+&lt;p>you should get earl&amp;amp;me on the next cover.">&lt;/iframe>
+ &lt;/article></pre>
+  <p class="note">In <span>the HTML syntax</span>, authors need only
+  remember to use U+0022 QUOTATION MARK characters (") to wrap the
+  attribute contents and then to quote all U+0022 QUOTATION MARK (")
+  and U+0026 AMPERSAND (&amp;) characters, and to specify the <code
+  title="attr-iframe-sandbox">sandbox</code> attribute, to ensure safe
+  embedding of content.</p>
+  <p class="note">Due to restrictions of <span>the XML syntax</span>,
+  in XML a number of other characters need to be escaped also to
+  ensure correctness.</p>
   <p>The <dfn title="attr-iframe-name"><code>name</code></dfn>
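Review bot: The example markup inside the added pre block leaves the outer article element unclosed: four article start tags appear (the blog post plus three comments) but only three end tags, and the final "&lt;/article>&lt;/pre>" line closes the third comment, not the post. Add one more "&lt;/article>" line before the closing pre tag so the example is well-formed as shown. Second, the first note tells authors to quote U+0022 and U+0026 characters in the srcdoc value but does not state an order; the example's own "&amp;quot;" and "&amp;amp;" sequences only come out right if ampersands are escaped first and quotation marks second, so it would help to say that explicitly, since escaping in the opposite order double-escapes the quotes. The same note says specifying the sandbox attribute ensures safe embedding, while the example relies on the specific value sandbox="allow-same-origin", which does not enable scripts; consider wording the note so it is clear the protection depends on the sandbox value not re-enabling script execution. Minor: the two added note paragraphs are indented by two spaces where the rest of the example block uses three.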