- From: <bugzilla@jessica.w3.org>
- Date: Mon, 25 Jul 2011 05:10:11 +0000
- To: public-html@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=13348 Summary: I was wondering if it would be possible to extend the iframe sandbox attribute to provide additional functionality. We've been developing a HTML5 digital signage solution where the playback application is a HTML5 web page. When the solution is displaying Product: HTML WG Version: unspecified Platform: Other URL: http://www.whatwg.org/specs/web-apps/current-work/#top OS/Version: other Status: NEW Severity: normal Priority: P3 Component: HTML5 spec (editor: Ian Hickson) AssignedTo: ian@hixie.ch ReportedBy: contributor@whatwg.org QAContact: public-html-bugzilla@w3.org CC: mike@w3.org, public-html-wg-issue-tracking@w3.org, public-html@w3.org Specification: http://www.w3.org/TR/html5/ Multipage: http://www.whatwg.org/C#top Complete: http://www.whatwg.org/c#top Comment: I was wondering if it would be possible to extend the iframe sandbox attribute to provide additional functionality. We've been developing a HTML5 digital signage solution where the playback application is a HTML5 web page. When the solution is displaying web pages we use a sandboxed iframe however it doesn’t quite meet our needs. The problem is that many pages have click-jacking prevention where they use javascript to ensure the page is not in an iframe and the HTTP X-Frame-Options header to prevent the display of the page in the latest browsers. So whilst we believe our approach to digital signage is by far the most ubiquitous in terms of platform support, we have the lowest support for displaying web pages. What we are thinking is that it would be good to have an ‘isolated’ flag on the iframe sandbox attribute that allows: 1. the inline frame to act like a pop-up window 2. limited JS interaction. Access to height, width, src properties for example (like a pop-up window) 3. top == self in JS and browsers ignore the X-Frame-Options 4. Prevents click jacking as the page is truly sandboxed like a pop-up window This would allow us to display pages like facebook in our HTML5 solution in the same way our desktop software based competitors can. I believe this addition would greatly benefit the HTML5 standard as a platform and other legitimate uses could be: • HTML5 based web desktops such as http://eyeos.org/ • HTML5 web browsers (Chrome OS where the browser chrome is a browser. Tabs and all are HTML) • Tutorial sites with instructions around the live frame Posted from: 129.78.32.22 User agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.825.0 Safari/535.1 -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
Received on Monday, 25 July 2011 05:10:16 UTC