Engaged in design review in newsgroup for Content Restrictions
Started investigation of the possibility of using a lightweight Public Domain Dedication for simple testcases in the Mozilla tree
Next Week
“A CA a day keeps the doctor away”
Push people to suggest SoC ideas, and triage them to the official list; student submission deadline is 24th March
Implement off-topic cancel proposal (unless there are serious problems)
Further work on Content Restrictions
4 thoughts on “Weekly Status 2007-03-16”
Re the work on Content Restrictions. We really need a way of embedding (i)frames into pages and preventing them from accessing their parent frame.
Ian: Same domain iframes, presumably, where you have control of the serving of the content inside the iframe? If so, it has that – see what is currently called the “hierarchy” restriction (in version 0.9.2).
Gerv,
Sorry, I meant cross-domain iframes in particular, so that we can embed frames of content from other websites and put them safely in our page without risk of them being able to change the content of our page or redirect our page somewhere else.
Internet explorer has the non-standard security=restricted attribute, but this sucks as it uses the flawed IE concept of zones. I think simply preventing a frame accessing the DOM of the parent would be sufficient – it would be nice if this could be standardised within WHATWG/W3C.
A live web use-case would be Yahoo! images, where they display a frame with information about the website, and show the website in a frame below. They use the IE security=restricted attribute.
Another example is an internal company tool I wrote recently to cycle through a list of blog posts, and mark them as spam or not spam. I wanted to embed the documents in a frame/iframe, but some spammy ones would redirect me away from my tool. In the end I had to use the security=restricted attribute for IE, and for Firefox I make it a link instead. It’s a horrible feeling to not only have to use IE for something, but having wrote it too :(
Re the work on Content Restrictions. We really need a way of embedding (i)frames into pages and preventing them from accessing their parent frame.
Ian: Same domain iframes, presumably, where you have control of the serving of the content inside the iframe? If so, it has that – see what is currently called the “hierarchy” restriction (in version 0.9.2).
Gerv,
Sorry, I meant cross-domain iframes in particular, so that we can embed frames of content from other websites and put them safely in our page without risk of them being able to change the content of our page or redirect our page somewhere else.
Internet explorer has the non-standard security=restricted attribute, but this sucks as it uses the flawed IE concept of zones. I think simply preventing a frame accessing the DOM of the parent would be sufficient – it would be nice if this could be standardised within WHATWG/W3C.
A live web use-case would be Yahoo! images, where they display a frame with information about the website, and show the website in a frame below. They use the IE security=restricted attribute.
Another example is an internal company tool I wrote recently to cycle through a list of blog posts, and mark them as spam or not spam. I wanted to embed the documents in a frame/iframe, but some spammy ones would redirect me away from my tool. In the end I had to use the security=restricted attribute for IE, and for Firefox I make it a link instead. It’s a horrible feeling to not only have to use IE for something, but having wrote it too :(
[Taken to email]