13659 2011-08-04 02:28:16 +0000 4.8.2 srcdoc seems error prone 2012-01-13 00:24:31 +0000 1 1 1 Unclassified HTML WG LC1 HTML5 spec unspecified PC Windows NT VERIFIED DUPLICATE 13599 P2 normal --- 1 cyns ian jackalmage mike public-html-admin public-html-wg-issue-tracking public-html-bugzilla oldest_to_newest 52299 0 cyns 2011-08-04 02:28:16 +0000 "Notice the way that quotes have to be escaped (otherwise the sandbox attribute would end prematurely), and the way raw ampersands (e.g. in URLs or in prose) mentioned in the sandboxed content have to be doubly escaped — once so that the ampersand is preserved when originally parsing the sandbox attribute, and once more to prevent the ampersand from being misinterpreted when parsing the sandboxed content." It seems likely that injecting HTML as escaped (and DOUBLE escaped) strings within an attribute will be difficult to get right, and will result in many authoring errors. What is the use case for this? 53405 1 mike 2011-08-04 05:13:32 +0000 mass-move component to LC1 53838 2 jackalmage 2011-08-04 05:26:25 +0000 *** This bug has been marked as a duplicate of bug 13599 ***