- Issue created by @prudloff
- πΊπΈUnited States smustgrave
Reading up on srcdoc on https://developer.mozilla.org/en-US/docs/Web/API/HTMLIFrameElement/srcdoc and the example
iframe.srcdoc = `<!doctype html><p>Hello World!</p>`; document.body.appendChild(iframe);
Shows HTML being used so would agree it probably should be stripped. Not sure if this needs a CR? Will let committer decide