What is the difference between srcdoc="..." and src="data:text/html,..." in an <iframe>?

html iframe

For example, which is the difference between these:

<iframe srcdoc="<p>Some HTML</p>"></iframe>
<iframe src="data:text/html,<p>Some HTML</p>"></iframe>

Demo

And, in case they are exactly the same, why did HTML5 add srcdoc attribute?

Edit

Maybe I wasn't clear enough. I am not comparing src with srcdoc, but src using text/html data URI with srcdoc.

Then, if the functionality chart is like this

                   |  src attribute       |  srcdoc attribute
 --------------------------------------------------------------------
  URL              |  Yes                 |  No without using src (*)
  HTML content     |  Yes, using data URI |  Yes

why is srcdoc needed?

(*) Note:

It seems srcdoc can be used to load a page by URL (Demo), using a subiframe with srcattribute:

<iframe srcdoc="<iframe src='http://microsoft.com'></iframe>"></iframe>

The other answers list some superficial differences, but really miss the mark of the key difference that explains why browsers/spec writers would essentially duplicate something that already exists:

<iframe src="data:...untrusted content" sandbox /> <- Secure in modern browsers, insecure in legacy browsers with no sandbox support

<iframe srcdoc="...untrusted content" sandbox /> <- Secure in modern browsers, secure (though non-functional) in legacy browsers

This new syntax provides content authors a way to protect their users, even when they may be using legacy browsers. Without it, content authors would be reluctant to use the sandbox feature at all, and it would not see use.


From MDN :

1. The content of the page that the embedded context is to contain. This attribute is expected to be used together with the sandbox and seamless attributes. If a browser supports the srcdoc attribute, it will override the content specified in the src attribute (if present). If a browser does NOT support the srcdoc attribute, it will show the file specified in the src attribute instead (if present).

So, the srcdoc attribute overrides the content embedded using src attribute.

Demo

Also, what you are saying about the following snippet data:text/html is called Data URI and it has limitations..

2. Data URIs cannot be larger than 32,768 characters.

1. MDN, 2. MSDN


Iframe with src attribute with HTML Content is cross domain,

But iframe with srcDoc attribute with HTML Content is not cross domain


As of writing - srcdoc in Chrome (v36) allows the setting and fetching of cookies, whereas the use of src with data URL does not:

Uncaught SecurityError: Failed to read the 'cookie' property from 'Document': Cookies are disabled inside 'data:' URLs

This may or may not be important to you, but rules out the use of data URLs in the application I am building, which is a shame, as of course IE doesn't support srcdoc currently (v11).

Related

How do you document the parameters of a function's closure parameter in Swift 3?
PWA: How to programmatically trigger : "Add to homescreen"? on iOS Safari
When to use Binary Space Partitioning, Quadtree, Octree?
Logging in Java and in general: Best Practices?
What does "class :" mean in C++?
Java: accessing private constructor with type parameters
Cant open qt based applications
Why `Permission denied` for `ls` and `touch` when folder have `r` and `w` permissions for everybody? [duplicate]
Absolutely Nothing Apearing in "Additional Drivers"
How can I build and install gcc-5.4.0 on Ubuntu 18.04?
unable to securely remove '/usr/bin/gsettings.dpkg-new': Permission denied
One side of headset / headphone does not work in Ubuntu 18.04.1