On Sun, May 25, 2008 at 12:02 PM, Jon Ferraiolo <jferrai@us.ibm.com> wrote: > I would assume that there are also > security issues with allowing the parent to override the styling of an > embedded iframe because conceivably someone could invoke a bank website > within an iframe and it wouldn't be good if the parent could override some > of the CSS for the bank's website. Similarly, you probably wouldn't want the > parent frame to be able to listen to keystrokes that happen within the child > iframe (e.g., your password). Since the parent can already overlay password fields on top of the sandboxed frame or replace it with a spoofed version, I don't think we should encourage widgets to solicit passwords inside their sandboxed frame if they don't trust their parent. Collin JacksonReceived on Tuesday, 27 May 2008 09:44:52 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 May 2008 09:44:58 GMT