[whatwg] Prevent a document from being manipulated by a "top" document
dennis at efjot.de
Tue Aug 2 03:21:31 PDT 2011
I think this needs a better thread title... Feel free to change it.
I've been having this idea. Usually when you insert an <iframe>, for
you can easily manipulate it's DOM structure.
There is no way to prevent this, or? The top document can even just sandbox
the iframe and allow scripts, but not allow top navigation. In this case
the sandboxed iframe is stuck. The top can do whatever it wants with it,
manipulation. Many sites do this, but some do not!
I propose a <head> or <html> attribute or tag which puts the document into
"protected" mode, thus preventing it from being put into an iframe and/or
The dangers of this situation could be as follows:
Somebody puts <insert social network here> into an iframe, making you log
automatically. He has now access to your data. Instantly. When you access
Proposing a very easy to implement protection from iframe manipulation is
that would be very helpful for webmasters.
A few ideas of implementation:
<body contentprotected="all"> could protect it from all script access.
This could be
sent for webserver responses that MUST NOT be caught by anything (user
Also being able to apply this to any container tag, if someone wants to
More information about the whatwg