[whatwg] Iframe dimensions

Markus Ernst derernst at gmx.ch
Tue Jul 6 03:49:56 PDT 2010


Am 06.07.2010 12:31 schrieb Aryeh Gregor:
> On Tue, Jul 6, 2010 at 4:40 AM, Markus Ernst <derernst at gmx.ch> wrote:
>> Thank you and Boris for your examples. I see the security issues. Anyway It
>> would be very helpful in cases like mine, where security and privacy are not
>> affected, to get an easy way to do this opt-in without the need of complex
>> scripting, and independent from @seamless. Embedding content from external
>> providers looks like a quite common case to me, and an easy opt-in mechanism
>> would help both the customers and the providers of embedded content.
> 
> So what you're saying is that you really do just want seamless="" with
> easy cross-origin opt-in, right?  That sounds entirely logical, and
> I'm not sure why it's not specced already (or at least I don't see
> it).  Could this be easily added to CORS?  CORS isn't so easy to set
> up, of course, but I'm not sure it's practical to do better.  An HTML
> tag would work, for HTML pages (the common case for iframes), but then
> the UA wouldn't know whether it's allowed to be seamless until it
> started parsing the response, which might have complications.
> 
> I don't know why you keep saying "independent from @seamless" without
> giving any reason for it.  Seamless seems like exactly what you want.

My problem is this sentence in the spec for seamless: "This will cause 
links to open in the parent browsing context."

In an application like 
http://test.rapid.ch/de/haendler-schweiz/iseki.html, the external page 
should be able to re-call itself inside the iframe, for example if a 
sort link is clicked or a search form submitted.



More information about the whatwg mailing list