Am 05.07.2010 22:50 schrieb Aryeh Gregor:
On Mon, Jul 5, 2010 at 1:13 PM, Markus Ernst <[email protected]> wrote:
Some content from an external specialized content provider is included in
an existing web site via an iframe. This cannot be seamless, as the links
in the iframe must point to the original domain of the included document.
But in order to avoid double scroll bars, it would be desirable to have the
height of the iframe adjusted to it's content.
This use-case is inherently insecure. An iframe's height cannot
depend on the contents of a cross-origin page unless that origin
explicitly opts in somehow.
Thank you and Boris for your examples. I see the security issues. Anyway
It would be very helpful in cases like mine, where security and privacy
are not affected, to get an easy way to do this opt-in without the need
of complex scripting, and independent from @seamless. Embedding content
from external providers looks like a quite common case to me, and an
easy opt-in mechanism would help both the customers and the providers of
embedded content.
Am 05.07.2010 22:50 schrieb Aryeh Gregor:
On Mon, Jul 5, 2010 at 1:13 PM, Markus Ernst <[email protected]> wrote:
- Interpreting the CSS declaration display:block as the author's wish to get
the iframe rendered like a block element is nothing but consistent. There
has been no reason for authors to apply this declaration so far, but if
anyone did, he/she wanted the rendering I suggest. If not (for example if
the iframe is floating), he/she also applied dimensions, be it in the HTML
or the CSS code.
The author might or might not originally have wanted the behavior you
said, but in the end, the site doesn't render that way, and changing
the rendering like that would make the site look very different from
the way it looked before (= the final product that the author was
satisfied with and released).
Am 06.07.2010 02:35 schrieb Boris Zbarsky:
> Experience shows this to not be the case. People blindly apply CSS
> without thinking through the implications as long as the current
> rendering is "right"; I will bet money there are pages out there that
> use display:block on iframes just to get linebreaks before/after and
> will break if the sizing behavior changes.
A BC problem with display:block would only occur if an author applied
this declaration _without_ applying dimensions, which looks quite weird
to me. I admit I have no statistics about this, and no means to get
statistics. But I can hardly imagine that there are many pages like this
out there, as the default dimensions that browsers apply to iframes are
quite special. But anyway, I do not insist in this solution, it was just
an idea that looked consistent to me as an author with little technical
backgrownd knowledge.
