Re: [csswg-drafts] [css-sizing] Auto-resize iframes based on content (#1771) from Felix Becker via GitHub on 2021-03-24 (public-css-archive@w3.org from March 2021)

From: Felix Becker via GitHub <sysbot+gh@w3.org>
Date: Wed, 24 Mar 2021 13:45:59 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-805834994-1616593558-sysbot+gh@w3.org>

Personally I'm **not** fine with JS being required to use JS to resize. Requiring JS for resizing is counter to spreading the use of `sandbox` and `csp` attributes when embedding static content, which _improve_ security by disallowing JS.

E.g. it should not be required to add JS to an SVG or a static HTML endpoint just so it can embedded in a secure and accessible way (that would make it not well portable as a file). And requiring JS would make it _less_ secure, because I'd love to be able to use `sandbox` or `csp` to disallow any JS in the `iframe`, but that of course is not possible then.

-- 
GitHub Notification of comment by felixfbecker
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/1771#issuecomment-805834994 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 24 March 2021 13:46:01 UTC