W3C home > Mailing lists > Public > www-html@w3.org > May 2001

RE: [www-html] Frame parent access control proposal (was: [ no su bject at all ])

From: Brian <netdemonz@yahoo.com>
Date: Wed, 23 May 2001 16:53:21 -0400
To: <www-html@w3.org>
Message-ID: <DNEIIKMKALOBNJEACIHNGEOGCAAA.netdemonz@yahoo.com>
The security is, for instance, to stop a site from being able to get your
banks statement from inside a frame. Also, HTML and the DOM are so linked
that you can't talk about a security model without it pertaining to HTML and
the DOM.

-----Original Message-----
From: www-html-request@w3.org [mailto:www-html-request@w3.org]On Behalf
Of Dave J Woolley
Sent: Tuesday, May 22, 2001 6:16
To: www-html@w3.org
Subject: RE: [www-html] Frame parent access control proposal (was: [ no
su bject at all ])

> From:	Brian [SMTP:netdemonz@yahoo.com]
> I think that security should be included in the DOM and HTML, and it
> should
> address especially: cross-domain access of elements in IFrames, among
> other
> things.
	[DJW:]  Noting that all forms of frames are discouraged by
	HTML 4.0 and XHTML 1.0 and are not allowed at all by ISO HTML
	and XHTML 1.1, Iframe, in particular, is a form of link, and
	the W3C philosophy appears to be to encourage the web, which means,
	essentially, to encourage the use of off site links.

> http://bugzilla.mozilla.org/show_bug.cgi?id=64886
	The feature proposed here++ would best be implemented using link
	(probably rev=), although it does imply a generalisation of a link
	all links with the same prefix.  If you were to do this, other types
	of links should implicitly created a friendly referencer
relationship, thus
	making it redundant for many well designed pages.

	As a pure HTML thing, it would seem to be more a copyright/deep
	control feature than straught security.  It doesn't help for
	resources, and it doesn't help in suppressing banner advertising,

> Also, Windows should be included in the DOM.
	[DJW:]  I believe the position is that Windows are part of the
	not the document (author controlled multiple windows are again
	impossible under the same conditions as frames).  However, it does
seem that
	some standardisation is needed here, given their extensive use in
	so maybe W3C needs to create a graphical browser object model (or a
	of browser object models).  However, this is the wrong list to
discuss object
++The feature proposed is a new element that specifies realms permitted to
link to an HTML resource in a frame context, or permitted to link and be
as equivalent for DOM security models.

--------------------------- DISCLAIMER ---------------------------------
Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of BTS.


Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
Received on Wednesday, 23 May 2001 16:53:22 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:05:57 UTC