Re: [csswg-drafts] [css-sizing] Auto-resize iframes based on content (#1771)

Yeah, I suppose having it set in the UA stylesheet on resizable iframes would work fine; there's already sufficient indication of intent from the attribute, after all. And that way, the style is observable from the DevTools, so it's not too hard to see what you need to change to modify the behavior yourself.

> Is there a reason why a srcdoc should have to explictly opt-in though? The person or script which generates the containing document has also full control over the srcdoc, since it is a part of the containing document. Having to opt-in from inside the srcdoc and from outside seems redundant in this case.

It's a little magic, which I'm always wary of, but srcdoc *is* explicitly designed for usability, so it might be okay to auto-inject that style into a srcdoc'd iframe at the UA level (so the srcdoc document could easily override it necessary).

> A lot of times my own sandboxed content will be on a different origin; it is on a different origin specifically to help with the sandboxing. I'm not sure how much need there is for optimizing the same-origin case; it might even be a bad idea, if it encourages people to host their untrusted content in the same origin.

A fair concern, but I think the risk of people doing the fairly-obviously-harmful thing of putting untrusted content on unsandboxed same-origin is worth the benefit to authors of allowing resizing to work for same-origin or srcdoc content without script being required. It's not like it's a single line of script, either; you need to regularly poll for changes to your content size.

-- 
GitHub Notification of comment by tabatkins
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/1771#issuecomment-810627961 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 30 March 2021 22:47:24 UTC