
RE: [www-html] Frame parent access control proposal (was: [ no subject at all ])

From: Dave J Woolley <david.woolley@bts.co.uk>
Date: Tue, 22 May 2001 11:15:41 +0100
Message-ID: <81E4A2BC03CED111845100104B62AFB50102A702@STAGECOACH>
To: www-html@w3.org
> From:	Brian [SMTP:netdemonz@yahoo.com]
> 
> I think that security should be included in the DOM and HTML, and it should
> address especially: cross-domain access of elements in IFrames, among other
> things.
> 
	[DJW:]  Noting that all forms of frames are discouraged by
	HTML 4.0 and XHTML 1.0 and are not allowed at all by ISO HTML
	and XHTML 1.1, Iframe, in particular, is a form of link, and
	the W3C philosophy appears to be to encourage the web, which means,
	essentially, to encourage the use of off site links.

> http://bugzilla.mozilla.org/show_bug.cgi?id=64886
	[DJW:]
	The feature proposed here++ would best be implemented using link elements
	(probably rev=), although it does imply a generalisation of a link to
	all links with the same prefix.  If you were to do this, other types
	of links should implicitly create a friendly referencer relationship, thus
	making it redundant for many well designed pages.

	As a pure HTML thing, it would seem to be more a copyright/deep linking
	control feature than straight security.  It doesn't help for non-HTML
	resources, and it doesn't help in suppressing banner advertising, etc.

> Also, Windows should be included in the DOM.
> 
	[DJW:]  I believe the position is that Windows are part of the browser,
	not the document (author controlled multiple windows are again discouraged/
	impossible under the same conditions as frames).  However, it does seem that
	some standardisation is needed here, given their extensive use in the wild,
	so maybe W3C needs to create a graphical browser object model (or a suite
	of browser object models).  However, this is the wrong list to discuss object
	models.
[DJW:]
++The feature proposed is a new element that specifies realms permitted to
link to an HTML resource in a frame context, or permitted to link and be treated
as equivalent for DOM security models.

-- 
--------------------------- DISCLAIMER ---------------------------------
Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of BTS.


Received on Tuesday, 22 May 2001 06:16:35 GMT
