Browse files

[e] (0) Add an example of srcdoc='' and some usage notes.

git-svn-id: http://svn.whatwg.org/webapps@4623 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information...
1 parent cd08050 commit 5fae353673e7b190d45909aa08de4159ae5200d7 @Hixie Hixie committed Jan 24, 2010
Showing with 120 additions and 3 deletions.
  1. +39 −1 complete.html
  2. +39 −1 index
  3. +42 −1 source
View
40 complete.html
@@ -19694,10 +19694,48 @@ <h4 id=the-iframe-element><span class=secno>4.8.3 </span>The <dfn><code>iframe</
<div class=example>
- <p class=XXX>example for srcdoc here</p>
+ <p>Here a blog uses the <code title=attr-iframe-srcdoc><a href=#attr-iframe-srcdoc>srcdoc</a></code> attribute in conjunction
+ with the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> and <code title=attr-iframe-seamless><a href=#attr-iframe-seamless>seamless</a></code> attributes described
+ below to provide users of user agents that support this feature
+ with an extra layer of protection from script injection in the blog
+ post comments:</p>
+
+ <pre>&lt;article&gt;
+ &lt;h1&gt;I got my own magazine!&lt;/h1&gt;
+ &lt;p&gt;After much effort, I've finally found a publisher, and so now I
+ have my own magazine! Isn't that awesome?! The first issue will come
+ out in September, and we have articles about getting food, and about
+ getting in boxes, it's going to be great!&lt;/p&gt;
+ &lt;footer&gt;
+ &lt;p&gt;Written by &lt;a href="/users/cap"&gt;cap&lt;/a&gt;.
+ &lt;time pubdate&gt;2009-08-21T23:32Z&lt;/time&gt;&lt;/p&gt;
+ &lt;/footer&gt;
+ &lt;article&gt;
+ &lt;footer&gt; At &lt;time pubdate&gt;2009-08-21T23:35Z&lt;/time&gt;, &lt;a href="/users/ch"&gt;ch&lt;/a&gt; writes: &lt;/footer&gt;
+ &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p&gt;did you get a cover picture yet?"&gt;&lt;/iframe&gt;
+ &lt;/article&gt;
+ &lt;article&gt;
+ &lt;footer&gt; At &lt;time pubdate&gt;2009-08-21T23:44Z&lt;/time&gt;, &lt;a href="/users/cap"&gt;cap&lt;/a&gt; writes: &lt;/footer&gt;
+ &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p&gt;Yeah, you can see it &lt;a href=&amp;quot;/gallery/cover/1&amp;quot;&gt;in my gallery&lt;/a&gt;."&gt;&lt;/iframe&gt;
+ &lt;/article&gt;
+ &lt;article&gt;
+ &lt;footer&gt; At &lt;time pubdate&gt;2009-08-21T23:58Z&lt;/time&gt;, &lt;a href="/users/ch"&gt;ch&lt;/a&gt; writes: &lt;/footer&gt;
+ &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p&gt;hey that's earl's table.
+&lt;p&gt;you should get earl&amp;amp;me on the next cover."&gt;&lt;/iframe&gt;
+ &lt;/article&gt;</pre>
</div>
+ <p class=note>In <a href=#syntax>the HTML syntax</a>, authors need only
+ remember to use U+0022 QUOTATION MARK characters (") to wrap the
+ attribute contents and then to quote all U+0022 QUOTATION MARK (")
+ and U+0026 AMPERSAND (&amp;) characters, and to specify the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute, to ensure safe
+ embedding of content.</p>
+
+ <p class=note>Due to restrictions of <span>the XML syntax</span>,
+ in XML a number of other characters need to be escaped also to
+ ensure correctness.</p>
+
<hr><p>The <dfn id=attr-iframe-name title=attr-iframe-name><code>name</code></dfn>
attribute, if present, must be a <a href=#valid-browsing-context-name>valid browsing context
name</a>. The given value is used to name the <a href=#nested-browsing-context>nested
View
40 index
@@ -19594,10 +19594,48 @@ href="?audio"&gt;audio&lt;/a&gt; test instead.)&lt;/p&gt;</pre>
<div class=example>
- <p class=XXX>example for srcdoc here</p>
+ <p>Here a blog uses the <code title=attr-iframe-srcdoc><a href=#attr-iframe-srcdoc>srcdoc</a></code> attribute in conjunction
+ with the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> and <code title=attr-iframe-seamless><a href=#attr-iframe-seamless>seamless</a></code> attributes described
+ below to provide users of user agents that support this feature
+ with an extra layer of protection from script injection in the blog
+ post comments:</p>
+
+ <pre>&lt;article&gt;
+ &lt;h1&gt;I got my own magazine!&lt;/h1&gt;
+ &lt;p&gt;After much effort, I've finally found a publisher, and so now I
+ have my own magazine! Isn't that awesome?! The first issue will come
+ out in September, and we have articles about getting food, and about
+ getting in boxes, it's going to be great!&lt;/p&gt;
+ &lt;footer&gt;
+ &lt;p&gt;Written by &lt;a href="/users/cap"&gt;cap&lt;/a&gt;.
+ &lt;time pubdate&gt;2009-08-21T23:32Z&lt;/time&gt;&lt;/p&gt;
+ &lt;/footer&gt;
+ &lt;article&gt;
+ &lt;footer&gt; At &lt;time pubdate&gt;2009-08-21T23:35Z&lt;/time&gt;, &lt;a href="/users/ch"&gt;ch&lt;/a&gt; writes: &lt;/footer&gt;
+ &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p&gt;did you get a cover picture yet?"&gt;&lt;/iframe&gt;
+ &lt;/article&gt;
+ &lt;article&gt;
+ &lt;footer&gt; At &lt;time pubdate&gt;2009-08-21T23:44Z&lt;/time&gt;, &lt;a href="/users/cap"&gt;cap&lt;/a&gt; writes: &lt;/footer&gt;
+ &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p&gt;Yeah, you can see it &lt;a href=&amp;quot;/gallery/cover/1&amp;quot;&gt;in my gallery&lt;/a&gt;."&gt;&lt;/iframe&gt;
+ &lt;/article&gt;
+ &lt;article&gt;
+ &lt;footer&gt; At &lt;time pubdate&gt;2009-08-21T23:58Z&lt;/time&gt;, &lt;a href="/users/ch"&gt;ch&lt;/a&gt; writes: &lt;/footer&gt;
+ &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p&gt;hey that's earl's table.
+&lt;p&gt;you should get earl&amp;amp;me on the next cover."&gt;&lt;/iframe&gt;
+ &lt;/article&gt;</pre>
</div>
+ <p class=note>In <a href=#syntax>the HTML syntax</a>, authors need only
+ remember to use U+0022 QUOTATION MARK characters (") to wrap the
+ attribute contents and then to quote all U+0022 QUOTATION MARK (")
+ and U+0026 AMPERSAND (&amp;) characters, and to specify the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute, to ensure safe
+ embedding of content.</p>
+
+ <p class=note>Due to restrictions of <span>the XML syntax</span>,
+ in XML a number of other characters need to be escaped also to
+ ensure correctness.</p>
+
<hr><p>The <dfn id=attr-iframe-name title=attr-iframe-name><code>name</code></dfn>
attribute, if present, must be a <a href=#valid-browsing-context-name>valid browsing context
name</a>. The given value is used to name the <a href=#nested-browsing-context>nested
View
43 source
@@ -20949,10 +20949,51 @@ href="?audio">audio&lt;/a> test instead.)&lt;/p></pre>
<div class="example">
- <p class="XXX">example for srcdoc here</p>
+ <p>Here a blog uses the <code
+ title="attr-iframe-srcdoc">srcdoc</code> attribute in conjunction
+ with the <code title="attr-iframe-sandbox">sandbox</code> and <code
+ title="attr-iframe-seamless">seamless</code> attributes described
+ below to provide users of user agents that support this feature
+ with an extra layer of protection from script injection in the blog
+ post comments:</p>
+
+ <pre>&lt;article>
+ &lt;h1>I got my own magazine!&lt;/h1>
+ &lt;p>After much effort, I've finally found a publisher, and so now I
+ have my own magazine! Isn't that awesome?! The first issue will come
+ out in September, and we have articles about getting food, and about
+ getting in boxes, it's going to be great!&lt;/p>
+ &lt;footer>
+ &lt;p>Written by &lt;a href="/users/cap">cap&lt;/a>.
+ &lt;time pubdate>2009-08-21T23:32Z&lt;/time>&lt;/p>
+ &lt;/footer>
+ &lt;article>
+ &lt;footer> At &lt;time pubdate>2009-08-21T23:35Z&lt;/time>, &lt;a href="/users/ch">ch&lt;/a> writes: &lt;/footer>
+ &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p>did you get a cover picture yet?">&lt;/iframe>
+ &lt;/article>
+ &lt;article>
+ &lt;footer> At &lt;time pubdate>2009-08-21T23:44Z&lt;/time>, &lt;a href="/users/cap">cap&lt;/a> writes: &lt;/footer>
+ &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p>Yeah, you can see it &lt;a href=&amp;quot;/gallery/cover/1&amp;quot;>in my gallery&lt;/a>.">&lt;/iframe>
+ &lt;/article>
+ &lt;article>
+ &lt;footer> At &lt;time pubdate>2009-08-21T23:58Z&lt;/time>, &lt;a href="/users/ch">ch&lt;/a> writes: &lt;/footer>
+ &lt;iframe seamless sandbox="allow-same-origin" srcdoc="&lt;p>hey that's earl's table.
+&lt;p>you should get earl&amp;amp;me on the next cover.">&lt;/iframe>
+ &lt;/article></pre>
</div>
+ <p class="note">In <span>the HTML syntax</span>, authors need only
+ remember to use U+0022 QUOTATION MARK characters (") to wrap the
+ attribute contents and then to quote all U+0022 QUOTATION MARK (")
+ and U+0026 AMPERSAND (&amp;) characters, and to specify the <code
+ title="attr-iframe-sandbox">sandbox</code> attribute, to ensure safe
+ embedding of content.</p>
+
+ <p class="note">Due to restrictions of <span>the XML syntax</span>,
+ in XML a number of other characters need to be escaped also to
+ ensure correctness.</p>
+
<hr>
<p>The <dfn title="attr-iframe-name"><code>name</code></dfn>

0 comments on commit 5fae353

Please sign in to comment.