AllowSeamless: Difference between revisions
Revision as of 01:33, 24 May 2012
Overview
Currently, seamless iframes (http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#attr-iframe-seamless) work only with same-origin documents, because otherwise the parent document could steal information from the child document. There are use cases (see below) for using seamless iframes with cross-origin documents. This proposal provides a way for documents to opt into being seamless with cross-origin parents.
Security Concerns
Use Cases
Proposal
Security Analysis
Examples
<html allowseamless>
<body>
  If my parent iframe has the seamless attribute, then
  <a href="http://example.com">this example link</a> will navigate my parent
  and the iframe will autosize to the right height and width.
</body>
</html>

<html allowseamless="inherit-style">
<body>
  Now in addition to the above, I will inherit styles from my parent.
  Inheriting styles requires an additional opt-in because letting my parent
  style me could leak more information (such as the value of form input
  elements) to my parent.
</body>
</html>