W3C home > Mailing lists > Public > whatwg@whatwg.org > July 2010

[whatwg] Iframe dimensions

From: Markus Ernst <derernst@gmx.ch>
Date: Tue, 06 Jul 2010 12:49:56 +0200
Message-ID: <4C330A54.5030906@gmx.ch>
Am 06.07.2010 12:31 schrieb Aryeh Gregor:
> On Tue, Jul 6, 2010 at 4:40 AM, Markus Ernst <derernst at gmx.ch> wrote:
>> Thank you and Boris for your examples. I see the security issues. Anyway It
>> would be very helpful in cases like mine, where security and privacy are not
>> affected, to get an easy way to do this opt-in without the need of complex
>> scripting, and independent from @seamless. Embedding content from external
>> providers looks like a quite common case to me, and an easy opt-in mechanism
>> would help both the customers and the providers of embedded content.
> 
> So what you're saying is that you really do just want seamless="" with
> easy cross-origin opt-in, right?  That sounds entirely logical, and
> I'm not sure why it's not specced already (or at least I don't see
> it).  Could this be easily added to CORS?  CORS isn't so easy to set
> up, of course, but I'm not sure it's practical to do better.  An HTML
> tag would work, for HTML pages (the common case for iframes), but then
> the UA wouldn't know whether it's allowed to be seamless until it
> started parsing the response, which might have complications.
> 
> I don't know why you keep saying "independent from @seamless" without
> giving any reason for it.  Seamless seems like exactly what you want.

My problem is this sentence in the spec for seamless: "This will cause 
links to open in the parent browsing context."

In an application like 
http://test.rapid.ch/de/haendler-schweiz/iseki.html, the external page 
should be able to re-call itself inside the iframe, for example if a 
sort link is clicked or a search form submitted.
Received on Tuesday, 6 July 2010 03:49:56 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:24 UTC