Am 11.08.2010 00:24 schrieb Ian Hickson:
On Mon, 5 Jul 2010, Markus Ernst wrote:
[...]
Example: http://test.rapid.ch/de/haendler-schweiz/iseki.html (This is
under construction.) As a workaround to the height problem, I applied a
script that adjusts the iframe height to the available height in the
browser window. But of course the user experience would be more
consistent if the page could behave like a single page, with only one
scrollbar at the right of the browser window.
If you control both pages and can't use seamless, you can use
postMessage() to negotiate a size. On the long term, I expect we'll make
seamless work with CORS somehow. I'm waiting until we properly understand
how CORS is used in the wild before adding it all over the place in HTML.
A solution at authoring level for cases where the author controls both
pages would be quite helpful. I think of a meta element in the embedded
document that specifies one or more domains that are allowed to embed it
seamlessly in an iframe, such as e.g.:
<meta name="allow-seamless-embedding" name="domain.tld, otherdomain.tld">
I think that this would be ok from a security POV, and much easier than
using CORS.
On Tue, 6 Jul 2010, Markus Ernst wrote:
My problem is this sentence in the spec for seamless: "This will cause
links to open in the parent browsing context."
In an application like
http://test.rapid.ch/de/haendler-schweiz/iseki.html, the external page
should be able to re-call itself inside the iframe, for example if a
sort link is clicked or a search form submitted.
On Tue, 6 Jul 2010, Ashley Sheridan wrote:
Could you explicitly call the _self target in links in the frame? I
wasn't sure if the target attribute was going or not, but I'd expect
target="_self" to override the default seamless action.
Good point. Fixed. You can now work around this by targetting the frame
explicitly using <base target=_self>. (Or by using target=foo if the
iframe has name=foo.)
Great!
