[html5] about html5 iframe (2 questions)
ian at hixie.ch
Mon Aug 9 16:49:56 PDT 2010
On Fri, 18 Jun 2010, Stefano Gargiulo wrote:
> 1) Does the sandboxed="allow-same-origin" attribute allows me to
> navigating (reading) into thirdy party sites iframe content (cross
No, that would be a security vulnerability.
You can do it with opt-in from the third-party server using XMLHttpRequest
and CORS, though.
> 2) Don't you think that an attribute like: "enforce-browser-address-bar-info"
> colud be useful for https iframes (e.g. to implement federated SSO login for
> ajax webapplications without losing the dhtml page state)?
> i think that this attribute should impose the browser to put the ssl
> certificate info and the complete url of the iframe element into the main
> address bar in addition to the parent window one.
I don't completely understand. What's stopping a browser from doing that
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the Help