W3C home > Mailing lists > Public > public-html@w3.org > May 2013

Re: make links within an iframe replace the parent document

From: Silvia Pfeiffer <silviapfeiffer1@gmail.com>
Date: Tue, 21 May 2013 09:20:48 +1000
Message-ID: <CAHp8n2nQiyQu15Y=ihRuYthFge6CLxCLXeTvVNfc96igO9mhew@mail.gmail.com>
To: "Constantine A. Murenin" <mureninc@gmail.com>
Cc: public-html@w3.org
On Tue, May 21, 2013 at 8:43 AM, Constantine A. Murenin
<mureninc@gmail.com> wrote:
> On 20 May 2013 14:52, Silvia Pfeiffer <silviapfeiffer1@gmail.com> wrote:
>> The seamless attribute was indeed created for this use case. It states:
>> "...seamless mode ...  will cause links to open in the parent browsing
>> context ..."
>> To avoid XSS issues, same-origin rules apply, so look at the details
>> of http://www.w3.org/TR/html5/embedded-content-0.html#attr-iframe-seamless
> That makes no sense.  If you already control the content of the iframe
> that you're embedding, then there are already other means to make the
> links open in the parent browsing context.
> What about embedding non-same-origin content?  Why would any
> legitimate websites that care about their users would /not/ want to
> have the links open in the parent browsing window?
> Actually, why is it not even the default:  if the links are clicked on
> within an iframe, why do they not replace the parent browsing context
> by default?  This would seem like a big fail on part of the
> implementation of iframes in modern browsers.
> And then instead of getting it right, someone comes up with
> X-Frame-Options that effectively kills the iframe for use outside of
> the same-origin sites in the first place. :-(  Sigh.

Have you tried some of the suggestions on

Received on Monday, 20 May 2013 23:21:35 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 9 October 2021 18:46:02 UTC