Re: Proposal: content-size value for 'height' from Brad Kemper on 2008-07-17 (www-style@w3.org from July 2008)

From: Brad Kemper <brkemper@comcast.net>
Date: Wed, 16 Jul 2008 21:06:30 -0700
To: "L. David Baron" <dbaron@dbaron.org>
Cc: "Michael A. Puls II" <shadow2531@gmail.com>, www-style@w3.org
Message-Id: <94EE590E-345B-4AD0-B078-882B25AC1DFC@comcast.net>

On Jul 16, 2008, at 4:50 PM, L. David Baron wrote:

> On Wednesday 2008-07-16 19:04 -0400, Michael A. Puls II wrote:
>>
>> Problem: Make an iframe or object's height expand to the height of  
>> its content
>>
>> Not a solution: height: 100%
>
> There's considerable discussion of this in
> https://bugzilla.mozilla.org/show_bug.cgi?id=80713 .
>
> Note that there are potential security issues because the size of
> the content of a page potentially leaks information (e.g., whether
> you're logged in to a site, etc.).

Overblown concerns, if you ask me, considering the obvious value of  
having iframes or other sub-documents that would be displayed  
appropriately without scrollbars. In theory, a picture can be a  
different size depending on if you are logged in, but that doesn't  
seem to disturb anyone. Those who have sign-on pages that they don't  
want explointed are already including JavaScript to block framing.

Received on Thursday, 17 July 2008 04:07:13 UTC