然后，如果功能图是这样的

 
 | src属性| srcdoc属性
 -------------------------------------------- ------------------------ 
 URL |是|否，不使用src（*）
 HTML内容|是的，使用数据URI |是
 

为什么需要 srcdoc ？

< em>浏览器/规格编写者为什么会重复已存在的内容：

< iframe srcdoc =...不可信内容沙箱/> < - 在现代浏览器中安全， strong>安全（虽然不起作用）在传统浏览器中

这种新语法为内容作者提供了一种保护用户的方法，即使他们可能正在使用传统浏览器。没有它，内容作者根本不愿意使用沙箱功能，也不会看到使用。

For example, which is the difference between these:

<iframe srcdoc="<p>Some HTML</p>"></iframe>
<iframe src="data:text/html,<p>Some HTML</p>"></iframe>

Demo

And, in case they are exactly the same, why did HTML5 add srcdoc attribute?

Edit

Maybe I wasn't clear enough. I am not comparing src with srcdoc, but src using text/html data URI with srcdoc.

Then, if the functionality chart is like this

                   |  src attribute       |  srcdoc attribute
 --------------------------------------------------------------------
  URL              |  Yes                 |  No without using src (*)
  HTML content     |  Yes, using data URI |  Yes

why is srcdoc needed?

(*) Note:

It seems srcdoc can be used to load a page by URL (Demo), using a subiframe with srcattribute:

<iframe srcdoc="<iframe src='http://microsoft.com'></iframe>"></iframe>

The other answers list some superficial differences, but really miss the mark of the key difference that explains why browsers/spec writers would essentially duplicate something that already exists:

<iframe src="data:...untrusted content" sandbox /> <- Secure in modern browsers, insecure in legacy browsers with no sandbox support

<iframe srcdoc="...untrusted content" sandbox /> <- Secure in modern browsers, secure (though non-functional) in legacy browsers

This new syntax provides content authors a way to protect their users, even when they may be using legacy browsers. Without it, content authors would be reluctant to use the sandbox feature at all, and it would not see use.

这篇关于srcdoc =“...”之间的区别是什么？和src =&quot; data：text / html，...&quot;在&lt; iframe&gt;中？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！