This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 23914 - By not allowing cross site scripting you have removed all important use cases for seamless functionality. IMO if a page designer wants to include unsafe third party content - let them! Security should [...]
Summary: By not allowing cross site scripting you have removed all important use cases...
Status: RESOLVED DUPLICATE of bug 23513
Alias: None
Product: WHATWG
Classification: Unclassified
Component: HTML (show other bugs)
Version: unspecified
Hardware: Other other
: P3 normal
Target Milestone: Unsorted
Assignee: Ian 'Hixie' Hickson
QA Contact: contributor
URL: http://www.whatwg.org/specs/web-apps/...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-11-25 17:35 UTC by contributor
Modified: 2013-11-25 17:53 UTC (History)
2 users (show)

See Also:

Attachments

Description contributor 2013-11-25 17:35:47 UTC 
Specification: http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html
Multipage: http://www.whatwg.org/C#the-iframe-element
Complete: http://www.whatwg.org/c#the-iframe-element
Referrer: http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html

Comment:
By not allowing cross site scripting you have removed all important use cases
for seamless functionality. IMO if a page designer wants to include unsafe
third party content - let them! Security should be the consideration for the
designer, not for the HTML spec writer.

Posted from: 173.11.100.165
User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Comment 1 Ian 'Hixie' Hickson 2013-11-25 17:53:46 UTC 

*** This bug has been marked as a duplicate of bug 23513 ***