RE: [www-html] Frame parent access control proposal (was: [ no subject at all ])

> From:	Brian [SMTP:netdemonz@yahoo.com]
> 
> I think that security should be included in the DOM and HTML, and it should
> address especially: cross-domain access of elements in IFrames, among other
> things.
> 
	[DJW:]  Noting that all forms of frames are discouraged by
	HTML 4.0 and XHTML 1.0 and are not allowed at all by ISO HTML
	and XHTML 1.1, Iframe, in particular, is a form of link, and
	the W3C philosophy appears to be to encourage the web, which means,
	essentially, to encourage the use of off site links.

> http://bugzilla.mozilla.org/show_bug.cgi?id=64886
	[DJW:]  
	The feature proposed here++ would best be implemented using link elements
	(probably rev=), although it does imply a generalisation of a link to
	all links with the same prefix.  If you were to do this, other types
	of links should implicitly create a friendly referencer relationship, thus
	making it redundant for many well designed pages.

	As a pure HTML thing, it would seem to be more a copyright/deep linking
	control feature than straight security.  It doesn't help for non-HTML
	resources, and it doesn't help in suppressing banner advertising, etc.

> Also, Windows should be included in the DOM.
> 
	[DJW:]  I believe the position is that Windows are part of the browser,
	not the document (author controlled multiple windows are again discouraged/
	impossible under the same conditions as frames).  However, it does seem that
	some standardisation is needed here, given their extensive use in the wild,
	so maybe W3C needs to create a graphical browser object model (or a suite
	of browser object models).  However, this is the wrong list to discuss object
	models.
[DJW:]  
++The feature proposed is a new element that specifies realms permitted to
link to an HTML resource in a frame context, or permitted to link and be
treated as equivalent for DOM security models.

-- 
--------------------------- DISCLAIMER ---------------------------------
Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of BTS.



Received on Tuesday, 22 May 2001 06:16:35 UTC