Re: [csswg-drafts] [css-sizing] Auto-resize iframes based on content (#1771)

I am a bit confused why the security concern is a blocker for `<iframe>`, when `<object>` already does this (at least when embedding an SVG, even cross-origin). `<iframe>`s are a lot more secure because they have attributes like `sandbox` and `csp`, which `<object>` does not. So currently we are forced to use `<object>` to embed SVGs in a responsive, accessible, interactive way (`<img>` doesn't expose contents to screen readers, make links clickable or text selectable) with no way to disallow scripts in SVG to run. Having iframe resizing would therefor be an _improvement_ to security in my eyes because it stops forcing us to use less secure alternatives.

-- 
GitHub Notification of comment by felixfbecker
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/1771#issuecomment-741708360 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 9 December 2020 11:20:56 UTC