Andreas Jung wrote:
...
Iframes are still a valid choice in case asynchronous won't work e.g.
when you need to load resources from servers != your origin server. Due
the security model of asynchronous requests, a browser will only load
stuff from the origin server. Iframes are a way to work around this
limitation - ugly as you said, but sometimes a good workaround.
Not only ugly but also a very security threat. Been there, seen a lot
important sites fell on their noses when it comes to CSS* and friends.
Better find another solution in such cases and allow users to disable
support for iframes for better security.
*) here: cross site scripting
Regards
Tino
_______________________________________________
Zope maillist - [email protected]
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
