- From: Craig Francis <craig@craigfrancis.co.uk>
- Date: Tue, 26 Jan 2016 15:58:03 +0000
- To: www-style@w3.org
- Message-ID: <7CE6A2D0-4C52-4C0E-AEFF-B0C50C77AD2B@craigfrancis.co.uk>
Considering the recent removal of <iframe seamless>... I've made a suggestion on the WHATWG issue log regarding what I consider the main use of @seamless on iframes. Anne van Kesteren suggested I post that idea here: https://github.com/whatwg/html/issues/555 <https://github.com/whatwg/html/issues/555> Copy below. Craig ------ Considering the removal of <iframe seamless> on issue #331. https://github.com/whatwg/html/issues/331 <https://github.com/whatwg/html/issues/331> For me, the main feature of @seamless was the ability for the iframe to resize based on the size of the child document (really just the height), so no scroll bars would appear. Currently this is "solved" with the use of some very messy JavaScript: http://stackoverflow.com/search?q=resize+iframe Which is more difficult cross-origin, which needs postMessage and custom JS running on every single page (both child and parent). The suggestion of Shadow-DOM is interesting, but I don't believe this provides the same level of protection (and backwards compatibility), as often the child content is put in an iframe to keep it isolated from the current page (i.e. for security reasons). Typically I put things in an iframe because they could easily be malicious, and I would really like to use asandbox to block allow-scripts. ------ zcorpan commented... For cross-origin I suppose the embeddee would need to opt-in somehow (e.g. meta tag), to not expose new information cross-origin. ------
Received on Thursday, 11 February 2016 14:43:40 UTC