13659 – 4.8.2 srcdoc seems error prone

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 13659 - 4.8.2 srcdoc seems error prone

Summary: 4.8.2 srcdoc seems error prone

Status:	VERIFIED DUPLICATE of bug 13599

Alias:	None

Product:	HTML WG
Classification:	Unclassified
Component:	LC1 HTML5 spec (show other bugs)
Version:	unspecified
Hardware:	PC Windows NT

Importance:	P2 normal
Target Milestone:	---
Assignee:	Ian 'Hixie' Hickson
QA Contact:	HTML WG Bugzilla archive list

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-08-04 02:28 UTC by Cynthia Shelly
Modified:	2012-01-13 00:24 UTC (History)
CC List:	4 users (show)

See Also:

Attachments

Description Cynthia Shelly 2011-08-04 02:28:16 UTC

"Notice the way that quotes have to be escaped (otherwise the sandbox attribute would end prematurely), and the way raw ampersands (e.g. in URLs or in prose) mentioned in the sandboxed content have to be doubly escaped  once so that the ampersand is preserved when originally parsing the sandbox attribute, and once more to prevent the ampersand from being misinterpreted when parsing the sandboxed content."

It seems likely that injecting HTML as escaped (and DOUBLE escaped) strings within an attribute will be difficult to get right, and will result in many authoring errors.  What is the use case for this?

Comment 1 Michael[tm] Smith 2011-08-04 05:13:32 UTC

mass-move component to LC1

Comment 2 Tab Atkins Jr. 2011-08-04 05:26:25 UTC


*** This bug has been marked as a duplicate of bug 13599 ***