W3C home > Mailing lists > Public > public-html-comments@w3.org > April 2010

RE: iframe sandbox suggestion

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 1 Apr 2010 23:49:59 +0000 (UTC)
To: Arthur Clifford <art@artspad.net>
Cc: 'Artur Adib' <arturadib@gmail.com>, public-html-comments@w3.org
Message-ID: <Pine.LNX.4.64.1004012349100.18493@ps20323.dreamhostps.com>
On Thu, 1 Apr 2010, Arthur Clifford wrote:
> What about providing an attribute for frames/iframes that told the user 
> agent to treat the framed content like its own window where top refer's 
> to the frames url not the top document's url. You could also specify 
> that user agents include a header of something like "Window-context: 
> frame" on get requests from framed content. That way server-side scripts 
> could detect inclusion in frames and react as appropriate.
> Flash/Flex has similar issues where you can have flash content within 
> flash, but a flash developer (for the embedded movie) might refer to 
> "root" (roughly equivalent to top) and that messes things up in an 
> embedded context. So, there's a property that can be used to tell the 
> Flash player to treat requests for root in embedded context as root for 
> the embedded movie not root for the outer (top) flash movie.
> So, generally:
>  * Embedded/framed content needs to be flagged as embedded content
>  * Embedded/framed content needs to be treated as if it were not embedded.
>  * Embedded/framed content creators should be able to prevent their content
> from being embedded by having access to some indicator that the content was
> embedded.

I don't understand what problem this solves. Can't you already do all 
this by just using 'window'?

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 1 April 2010 23:50:26 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:26 UTC