W3C home > Mailing lists > Public > whatwg@whatwg.org > February 2010

[whatwg] Making cross-domain overlays more user-friendly

From: Rowan Nairn <rnairn@gmail.com>
Date: Fri, 5 Feb 2010 15:12:30 -0800
Message-ID: <989aa6911002051512m68492eb9v9a2d193061104737@mail.gmail.com>
On Fri, Feb 5, 2010 at 2:46 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
> On 2/5/10 5:40 PM, Rowan Nairn wrote:
>>
>> - don't introduce new security issues like susceptibility to phishing
>> attacks
>
> ....
>
>> - The main URL bar should display the framed URL i.e.
>> http://destination-site.com/
>
> I'm having a really really really hard time reconciling these two,
> especially in the cases when the <iframe main> is not actually visible (e.g.
> is visibility:hidden).

An alternative is to drop this requirement.  It is not necessary to
replace the main URL bar as long as the URL of the framed content is
available *somewhere*.  I wouldn't want to dictate much about the UI
to vendors but maybe the requirement would be more like:

- The UA must prominently display the URL of the framed page somewhere
while making it clear to the user that the main URL is that of the
overlay page.

I agree that it's a very difficult UI problem.  Understanding one URL
is hard enough for many users.

Rowan
Received on Friday, 5 February 2010 15:12:30 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:55 UTC