RE: [www-html] Frame parent access control proposal (was: [ no su bject at all ]) from Klaas De Waele on 2001-05-22 (www-html@w3.org from May 2001)

From: Klaas De Waele <klaas@gracegraphics.be>
Date: Tue, 22 May 2001 13:29:47 +0200
To: "'Dave J Woolley'" <david.woolley@bts.co.uk>, "'www-html@w3.org'" <www-html@w3.org>
Message-ID: <F16ABE403FD3D311A61500608CC0D1670C1C28@pdc>

It would be nice to expand your answer 'this is the wrong list to discuss
object models' with a link to a place where it is suitable to discuss a
topic like this.

Thanks.


- Kayjey -

-----Oorspronkelijk bericht-----
Van: www-html-request@w3.org [mailto:www-html-request@w3.org]Namens Dave
J Woolley
Verzonden: dinsdag 22 mei 2001 12:16
Aan: www-html@w3.org
Onderwerp: RE: [www-html] Frame parent access control proposal (was: [
no su bject at all ])


> From:	Brian [SMTP:netdemonz@yahoo.com]
> 
> I think that security should be included in the DOM and HTML, and it
> should
> address especially: cross-domain access of elements in IFrames, among
> other
> things.
> 
	[DJW:]  Noting that all forms of frames are discouraged by
	HTML 4.0 and XHTML 1.0 and are not allowed at all by ISO HTML
	and XHTML 1.1, Iframe, in particular, is a form of link, and
	the W3C philosophy appears to be to encourage the web, which means,
	essentially, to encourage the use of off site links.

> http://bugzilla.mozilla.org/show_bug.cgi?id=64886
	[DJW:]  
	The feature proposed here++ would best be implemented using link
elements
	(probably rev=), although it does imply a generalisation of a link
to
	all links with the same prefix.  If you were to do this, other types
	of links should implicitly created a friendly referencer
relationship, thus
	making it redundant for many well designed pages.

	As a pure HTML thing, it would seem to be more a copyright/deep
linking
	control feature than straught security.  It doesn't help for
non-HTML
	resources, and it doesn't help in suppressing banner advertising,
etc.

> Also, Windows should be included in the DOM.
> 
	[DJW:]  I believe the position is that Windows are part of the
browser,
	not the document (author controlled multiple windows are again
discouraged/
	impossible under the same conditions as frames).  However, it does
seem that
	some standardisation is needed here, given their extensive use in
wild,
	so maybe W3C needs to create a graphical browser object model (or a
suite
	of browser object models).  However, this is the wrong list to
discuss object
	models. 
[DJW:]  
++The feature proposed is a new element that specifies realms permitted to
link to an HTML resource in a frame context, or permitted to link and be
treated
as equivalent for DOM security models.

-- 
--------------------------- DISCLAIMER ---------------------------------
Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of BTS.


>

Received on Tuesday, 22 May 2001 07:36:34 UTC