Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
[e] (0) Add an example of srcdoc='' and some usage notes.
git-svn-id: http://svn.whatwg.org/webapps@4623 340c8d12-0b0e-0410-8428-c7bf67bfef74
- Loading branch information
Showing
with
120 additions
and 3 deletions.
- +39 −1 complete.html
- +39 −1 index
- +42 −1 source
|
||
<div class=example> | ||
|
||
<p class=XXX>example for srcdoc here</p> | ||
<p>Here a blog uses the <code title=attr-iframe-srcdoc><a href=#attr-iframe-srcdoc>srcdoc</a></code> attribute in conjunction | ||
with the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> and <code title=attr-iframe-seamless><a href=#attr-iframe-seamless>seamless</a></code> attributes described | ||
below to provide users of user agents that support this feature | ||
with an extra layer of protection from script injection in the blog | ||
post comments:</p> | ||
|
||
<pre><article> | ||
<h1>I got my own magazine!</h1> | ||
<p>After much effort, I've finally found a publisher, and so now I | ||
have my own magazine! Isn't that awesome?! The first issue will come | ||
out in September, and we have articles about getting food, and about | ||
getting in boxes, it's going to be great!</p> | ||
<footer> | ||
<p>Written by <a href="/users/cap">cap</a>. | ||
<time pubdate>2009-08-21T23:32Z</time></p> | ||
</footer> | ||
<article> | ||
<footer> At <time pubdate>2009-08-21T23:35Z</time>, <a href="/users/ch">ch</a> writes: </footer> | ||
<iframe seamless sandbox="allow-same-origin" srcdoc="<p>did you get a cover picture yet?"></iframe> | ||
</article> | ||
<article> | ||
<footer> At <time pubdate>2009-08-21T23:44Z</time>, <a href="/users/cap">cap</a> writes: </footer> | ||
<iframe seamless sandbox="allow-same-origin" srcdoc="<p>Yeah, you can see it <a href=&quot;/gallery/cover/1&quot;>in my gallery</a>."></iframe> | ||
</article> | ||
<article> | ||
<footer> At <time pubdate>2009-08-21T23:58Z</time>, <a href="/users/ch">ch</a> writes: </footer> | ||
<iframe seamless sandbox="allow-same-origin" srcdoc="<p>hey that's earl's table. | ||
<p>you should get earl&amp;me on the next cover."></iframe> | ||
</article></pre> | ||
|
||
</div> | ||
|
||
<p class=note>In <a href=#syntax>the HTML syntax</a>, authors need only | ||
remember to use U+0022 QUOTATION MARK characters (") to wrap the | ||
attribute contents and then to quote all U+0022 QUOTATION MARK (") | ||
and U+0026 AMPERSAND (&) characters, and to specify the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute, to ensure safe | ||
embedding of content.</p> | ||
|
||
<p class=note>Due to restrictions of <span>the XML syntax</span>, | ||
in XML a number of other characters need to be escaped also to | ||
ensure correctness.</p> | ||
|
||
<hr><p>The <dfn id=attr-iframe-name title=attr-iframe-name><code>name</code></dfn> | ||
attribute, if present, must be a <a href=#valid-browsing-context-name>valid browsing context | ||
name</a>. The given value is used to name the <a href=#nested-browsing-context>nested |
|
||
<div class=example> | ||
|
||
<p class=XXX>example for srcdoc here</p> | ||
<p>Here a blog uses the <code title=attr-iframe-srcdoc><a href=#attr-iframe-srcdoc>srcdoc</a></code> attribute in conjunction | ||
with the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> and <code title=attr-iframe-seamless><a href=#attr-iframe-seamless>seamless</a></code> attributes described | ||
below to provide users of user agents that support this feature | ||
with an extra layer of protection from script injection in the blog | ||
post comments:</p> | ||
|
||
<pre><article> | ||
<h1>I got my own magazine!</h1> | ||
<p>After much effort, I've finally found a publisher, and so now I | ||
have my own magazine! Isn't that awesome?! The first issue will come | ||
out in September, and we have articles about getting food, and about | ||
getting in boxes, it's going to be great!</p> | ||
<footer> | ||
<p>Written by <a href="/users/cap">cap</a>. | ||
<time pubdate>2009-08-21T23:32Z</time></p> | ||
</footer> | ||
<article> | ||
<footer> At <time pubdate>2009-08-21T23:35Z</time>, <a href="/users/ch">ch</a> writes: </footer> | ||
<iframe seamless sandbox="allow-same-origin" srcdoc="<p>did you get a cover picture yet?"></iframe> | ||
</article> | ||
<article> | ||
<footer> At <time pubdate>2009-08-21T23:44Z</time>, <a href="/users/cap">cap</a> writes: </footer> | ||
<iframe seamless sandbox="allow-same-origin" srcdoc="<p>Yeah, you can see it <a href=&quot;/gallery/cover/1&quot;>in my gallery</a>."></iframe> | ||
</article> | ||
<article> | ||
<footer> At <time pubdate>2009-08-21T23:58Z</time>, <a href="/users/ch">ch</a> writes: </footer> | ||
<iframe seamless sandbox="allow-same-origin" srcdoc="<p>hey that's earl's table. | ||
<p>you should get earl&amp;me on the next cover."></iframe> | ||
</article></pre> | ||
|
||
</div> | ||
|
||
<p class=note>In <a href=#syntax>the HTML syntax</a>, authors need only | ||
remember to use U+0022 QUOTATION MARK characters (") to wrap the | ||
attribute contents and then to quote all U+0022 QUOTATION MARK (") | ||
and U+0026 AMPERSAND (&) characters, and to specify the <code title=attr-iframe-sandbox><a href=#attr-iframe-sandbox>sandbox</a></code> attribute, to ensure safe | ||
embedding of content.</p> | ||
|
||
<p class=note>Due to restrictions of <span>the XML syntax</span>, | ||
in XML a number of other characters need to be escaped also to | ||
ensure correctness.</p> | ||
|
||
<hr><p>The <dfn id=attr-iframe-name title=attr-iframe-name><code>name</code></dfn> | ||
attribute, if present, must be a <a href=#valid-browsing-context-name>valid browsing context | ||
name</a>. The given value is used to name the <a href=#nested-browsing-context>nested |
|
||
<div class="example"> | ||
|
||
<p class="XXX">example for srcdoc here</p> | ||
<p>Here a blog uses the <code | ||
title="attr-iframe-srcdoc">srcdoc</code> attribute in conjunction | ||
with the <code title="attr-iframe-sandbox">sandbox</code> and <code | ||
title="attr-iframe-seamless">seamless</code> attributes described | ||
below to provide users of user agents that support this feature | ||
with an extra layer of protection from script injection in the blog | ||
post comments:</p> | ||
|
||
<pre><article> | ||
<h1>I got my own magazine!</h1> | ||
<p>After much effort, I've finally found a publisher, and so now I | ||
have my own magazine! Isn't that awesome?! The first issue will come | ||
out in September, and we have articles about getting food, and about | ||
getting in boxes, it's going to be great!</p> | ||
<footer> | ||
<p>Written by <a href="/users/cap">cap</a>. | ||
<time pubdate>2009-08-21T23:32Z</time></p> | ||
</footer> | ||
<article> | ||
<footer> At <time pubdate>2009-08-21T23:35Z</time>, <a href="/users/ch">ch</a> writes: </footer> | ||
<iframe seamless sandbox="allow-same-origin" srcdoc="<p>did you get a cover picture yet?"></iframe> | ||
</article> | ||
<article> | ||
<footer> At <time pubdate>2009-08-21T23:44Z</time>, <a href="/users/cap">cap</a> writes: </footer> | ||
<iframe seamless sandbox="allow-same-origin" srcdoc="<p>Yeah, you can see it <a href=&quot;/gallery/cover/1&quot;>in my gallery</a>."></iframe> | ||
</article> | ||
<article> | ||
<footer> At <time pubdate>2009-08-21T23:58Z</time>, <a href="/users/ch">ch</a> writes: </footer> | ||
<iframe seamless sandbox="allow-same-origin" srcdoc="<p>hey that's earl's table. | ||
<p>you should get earl&amp;me on the next cover."></iframe> | ||
</article></pre> | ||
|
||
</div> | ||
|
||
<p class="note">In <span>the HTML syntax</span>, authors need only | ||
remember to use U+0022 QUOTATION MARK characters (") to wrap the | ||
attribute contents and then to quote all U+0022 QUOTATION MARK (") | ||
and U+0026 AMPERSAND (&) characters, and to specify the <code | ||
title="attr-iframe-sandbox">sandbox</code> attribute, to ensure safe | ||
embedding of content.</p> | ||
|
||
<p class="note">Due to restrictions of <span>the XML syntax</span>, | ||
in XML a number of other characters need to be escaped also to | ||
ensure correctness.</p> | ||
|
||
<hr> | ||
|
||
<p>The <dfn title="attr-iframe-name"><code>name</code></dfn> |