- From: Craig Francis <craig.francis@gmail.com>
- Date: Tue, 29 Mar 2016 11:04:31 +0100
- To: Chris Palmer <palmer@google.com>
- Cc: WebAppSec WG <public-webappsec@w3.org>
- Message-Id: <307D0EDC-DF85-4058-A030-1127DF62BF8E@gmail.com>
On 28 Mar 2016, at 20:39, Chris Palmer <palmer@google.com> wrote:
> I'd much rather have the embedder explicitly pass the relevant text ... an iframe element attribute.
Actually, this is a good point...
Taylor Hunt suggested something similar on WICG Discourse:
https://discourse.wicg.io/t/feature-request-allow-auto-resize-on-iframe/1405/5 <https://discourse.wicg.io/t/feature-request-allow-auto-resize-on-iframe/1405/5>
They wanted variables to be passed into the iframe (in their case to customise the CSS, maybe the widget could set a theme colour?).
Maybe this is worth considering?
It would be easier than passing everything though the iframe src, e.g.
<iframe src="/path/to.js" data-colour="#F00"></iframe>
And for the Ad networks:
<iframe src="https://www.example.com/advert/" data-text-content="" style="width: 500px; height: max-content;"></iframe>
Where those Ad networks could suggest something like the following (for those wanting a quick copy/paste):
<script>
if (document.querySelectorAll) {
document.addEventListener('DOMContentLoaded', function() {
var iframes = document.querySelectorAll('iframe[data-text-content]'),
textContent = document.body.innerText;
for (var k = (iframes.length - 1); k >= 0; k--) {
iframes[k].setAttribute('data-text-content', textContent);
}
});
}
</script>
Although, we should use a different attribute name, as data-* attributes already exist :-)
Craig
Received on Tuesday, 29 March 2016 10:04:56 UTC