Thanks Andreas, that is helpful info.
On Friday, 8 June 2018 14:53:32 UTC+2, Andreas Hahn wrote:
>
> Hi Josiah,
>
> from what I can tell, in certain browsers, the use of the tag
> disallows the javascript contexts of both sites to communicate via
> messages. This would be the desired behaviour
Hi Josiah,
from what I can tell, in certain browsers, the use of the tag
disallows the javascript contexts of both sites to communicate via
messages. This would be the desired behaviour when embedding things into
your tiddlywiki, as where it is allowed are also allowed to
inject javascript
My case: I would like to make a TW that often shows in a box other sites.
People warn me:
*That is dangerous. If you don't know what you are doing a cracker could
eat you.*I'd like to be clearer about security of object v. iframe ...
I notice that HTML5 iframe has sandboxing options.
I hav