W3C home > Mailing lists > Public > www-html@w3.org > May 2001

RE: [www-html] Frame parent access control proposal (was: [ no su bject at all ])

From: Brian Kelly <lisbk@ukoln.ac.uk>
Date: Tue, 22 May 2001 19:07:49 +0100 (BST)
To: Dave J Woolley <david.woolley@bts.co.uk>
cc: www-html@w3.org
Message-ID: <Pine.SO4.4.05.10105221901340.1565-100000@lamin.ukoln.ac.uk>

On Tue, 22 May 2001, Dave J Woolley wrote:

> > From:	Brian [SMTP:netdemonz@yahoo.com]
> > 
> > I think that security should be included in the DOM and HTML, and it
> > should
> > address especially: cross-domain access of elements in IFrames, among
> > other
> > things.
> > 
> 	[DJW:]  Noting that all forms of frames are discouraged by
> 	HTML 4.0 and XHTML 1.0 and are not allowed at all by ISO HTML
> 	and XHTML 1.1, Iframe, in particular, is a form of link, and
> 	the W3C philosophy appears to be to encourage the web, which means,
> 	essentially, to encourage the use of off site links.
> 	As a pure HTML thing, it would seem to be more a copyright/deep
> linking
> 	control feature than straught security.  It doesn't help for
> non-HTML
> 	resources, and it doesn't help in suppressing banner advertising,
> etc.

It does seem to me, though, that it might be useful if W3C Recommendations
flagged any potential legal / copyright issues which implementations of  
the recommendation may encounter.  This was brought home to me at a
SMIL Tutorial at WWW10.  The feature in SMIL to  integrate various
resources, and to, for example, start a video clip at any arbitrary 
point looks like it will provide copyright lawyers with a nice income
stream ("I'll start the Disney video clip after the copyright statement 
has finished, and I'll add my own logo at the top of the window").


Brian Kelly, UK Web Focus
UKOLN, University of Bath, BATH, England, BA2 7AY
Email:  b.kelly@ukoln.ac.uk     URL:    http://www.ukoln.ac.uk/
Homepage: http://www.ukoln.ac.uk/ukoln/staff/b.kelly.html
Phone:  01225 323943            FAX:   01225 826838

> > Also, Windows should be included in the DOM.
> > 
> 	[DJW:]  I believe the position is that Windows are part of the
> browser,
> 	not the document (author controlled multiple windows are again
> discouraged/
> 	impossible under the same conditions as frames).  However, it does
> seem that
> 	some standardisation is needed here, given their extensive use in
> wild,
> 	so maybe W3C needs to create a graphical browser object model (or a
> suite
> 	of browser object models).  However, this is the wrong list to
> discuss object
> 	models. 
> [DJW:]  
> ++The feature proposed is a new element that specifies realms permitted to
> link to an HTML resource in a frame context, or permitted to link and be
> treated
> as equivalent for DOM security models.
> -- 
> --------------------------- DISCLAIMER ---------------------------------
> Any views expressed in this message are those of the individual sender,
> except where the sender specifically states them to be the views of BTS.
> >  
Received on Tuesday, 22 May 2001 14:07:57 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:05:57 UTC