Menu
For example, which is the difference between these:
<iframe srcdoc="<p>Some HTML</p>"></iframe> <iframe src="data:text/html,<p>Some HTML</p>"></iframe> Demo
And, in case they are exactly the same, why did HTML5 add srcdoc attribute?
Edit
Maybe I wasn't clear enough. I am not comparing src with srcdoc, but src using text/html data URI with srcdoc.
Then, if the functionality chart is like this
| src attribute | srcdoc attribute -------------------------------------------------------------------- URL | Yes | No without using src (*) HTML content | Yes, using data URI | Yes
why is srcdoc needed?
(*) Note:
It seems srcdoc can be used to load a page by URL (Demo), using a subiframe with srcattribute:
<iframe srcdoc="<iframe src='http://microsoft.com'></iframe>"></iframe> 
933
The srcdoc attribute specifies the HTML content of the page to show in the inline frame. Tip: This attribute is expected to be used together with the sandbox and seamless attributes. If a browser supports the srcdoc attribute, it will override the content specified in the src attribute (if present).
The src attribute specifies the address of the document to embed in an iframe.
HTML | <iframe> srcdoc Attribute The HTML <iframe> srcdoc Attribute is used to specify the HTML content of the document in the element. It can be used together with the sandbox and seamless attributes. HTML_code: It is used to specify the HTML content of the page which will display in an Iframe element.
The HTML <iframe> src attribute is used to specify the URL of the document that are embedded to the <iframe> element. Attribute Values: It contains single value URL which specifies the URL of the document that is embedded to the iframe.
The other answers list some superficial differences, but really miss the mark of the key difference that explains why browsers/spec writers would essentially duplicate something that already exists:
<iframe src="data:...untrusted content" sandbox /> <- Secure in modern browsers, insecure in legacy browsers with no sandbox support
<iframe srcdoc="...untrusted content" sandbox /> <- Secure in modern browsers, secure (though non-functional) in legacy browsers
This new syntax provides content authors a way to protect their users, even when they may be using legacy browsers. Without it, content authors would be reluctant to use the sandbox feature at all, and it would not see use.
169
From MDN :
1. The content of the page that the embedded context is to contain. This attribute is expected to be used together with the sandbox and seamless attributes. If a browser supports the srcdoc attribute, it will override the content specified in the src attribute (if present). If a browser does NOT support the srcdoc attribute, it will show the file specified in the src attribute instead (if present).
So, the srcdoc attribute overrides the content embedded using src attribute.
Demo
Also, what you are saying about the following snippet data:text/html is called Data URI and it has limitations..
2. Data URIs cannot be larger than 32,768 characters.
1. MDN, 2. MSDN
23
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
