[whatwg] Making cross-domain overlays more user-friendly

Rowan Nairn rnairn at gmail.com
Fri Feb 5 15:12:30 PST 2010


On Fri, Feb 5, 2010 at 2:46 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
> On 2/5/10 5:40 PM, Rowan Nairn wrote:
>>
>> - don't introduce new security issues like susceptibility to phishing
>> attacks
>
> ....
>
>> - The main URL bar should display the framed URL i.e.
>> http://destination-site.com/
>
> I'm having a really really really hard time reconciling these two,
> especially in the cases when the <iframe main> is not actually visible (e.g.
> is visibility:hidden).

An alternative is to drop this requirement.  It is not necessary to
replace the main URL bar as long as the URL of the framed content is
available *somewhere*.  I wouldn't want to dictate much about the UI
to vendors but maybe the requirement would be more like:

- The UA must prominently display the URL of the framed page somewhere
while making it clear to the user that the main URL is that of the
overlay page.

I agree that it's a very difficult UI problem.  Understanding one URL
is hard enough for many users.

Rowan



More information about the whatwg mailing list