implement the HTML5 seamless attribute for the iframe element

RESOLVED WONTFIX

Status

()

enhancement
RESOLVED WONTFIX
9 years ago
11 months ago

People

(Reporter: mike, Unassigned)

Tracking

(Depends on 2 bugs, Blocks 1 bug, {dev-doc-complete, html5, sec-want})

Trunk
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: Helps against XSS, )

User-Agent:       Mozilla/5.0 (Macintosh; Intel Mac OS X 10.5; rv:2.0b11pre) Gecko/20110202 Firefox/4.0b11pre
Build Identifier: 4.0b11pre

http://dev.w3.org/html5/spec/the-iframe-element.html#attr-iframe-seamless

"The seamless attribute is a boolean attribute. When specified, it indicates that the iframe element's browsing context is to be rendered in a manner that makes it appear to be part of the containing document (seamlessly included in the parent document)."

see also bug 80713 and details about related "moz-seamless"

Reproducible: Always

Steps to Reproduce:
[this is a feature request]
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Mac OS X → All
Hardware: x86 → All
Version: unspecified → Trunk
Depends on: 80713
It should be easy to implement, a small rule can be add into html.css :
iframe[seamless] {
border:none;
}
The second part doesn't work but it should be something like this :
iframe[seamless] scrollbar {
display:none;
}
this is a small rule that should Implement the border [border from ntim007] as well as the second part and makes most if not all values their default that could and should be added into html.css:

iframe[seamless], iframe[seamless="*"]:not([seamless="false"]):not([seamless="no"]) {
border:none;
width:auto;
height:auto;
padding: 0px;
background-color: transparent;
overflow:visible;
overflow-y:visible;
overflow-x:visible;
}
Assignee: nobody → jkitch.bug
Assignee: jkitch.bug → nobody
I have HTML5 seamless iframe too , because UC Browser 9.9 support seamless iframe no prefix as release.

Link browser support - http://caniuse.com/#feat=iframe-seamless

Picture - http://s7.postimg.org/kc4l375nf/Screenshot_from_2014_11_20_21_24_07.png
The navigation behaviour, when the seamless attribute is specified, relies on the source browsing context (see [1] step 3).
We have this now and set it fairly consistently, but not correctly in all cases.
Bug 960563 tracks this.

[1] https://html.spec.whatwg.org/multipage/browsers.html#navigate
Depends on: 960563
This has been removed from the current HTML5 spec[1] and this bug should probably be closed.

[1] https://github.com/whatwg/html/issues/331
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WONTFIX
(In reply to Zach Lym from comment #5)
> This has been removed from the current HTML5 spec[1] and this bug should
> probably be closed.
> 
> [1] https://github.com/whatwg/html/issues/331

Thanks you to result , I have to HTML5 spec to real standard.
Good catch :ms2ger. Thx. Entry removed.
Per comment 7, the spec states:
> The following properties have been added: srcdoc, sandbox, seamless, and contentWindow.

Thus, the reason for WONTFIX was a misunderstanding. REOPENing on that ground.

More importantly, this is a critically important feature for the web. iframes are an important security container, and having them size to content is a requirement in many places.

One example is to take user contributed rich content, and render it as part of the page. Yet, the user content must not have access to the rest of the page. Concretely, if I was to write an email client as webapp, and I wanted to have a "conversation view" with consecutive emails, I would need this. I would jail each HTML email into a seamless iframe, and size the iframe to content, and then I could put 10 emails one after the other.

Current webapps work around this by trying to sanitize the HTML on the server side before display. That is one solution, and they should continue to do that, but we all know that there are plenty of XSS exploits. The seamless iframe would be a welcome additional protection.

The more apps migrate to the web, the more this is needed.
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Keywords: sec-want
Whiteboard: Helps against XSS
Status: REOPENED → NEW
The spec doesn't define seamless anymore, so I don't see how we can keep this open.
If you want seamless, file a spec bug and get it defined there.

(MDN seems to still mention seamless even though it isn't in the spec and was even removed from Chrome
https://github.com/whatwg/html/issues/331#issuecomment-156712803)
Status: NEW → RESOLVED
Closed: 3 years ago3 years ago
Resolution: --- → WONTFIX
Product: Core → Core Graveyard
Component: Layout: HTML Frames → Layout: Images
Product: Core Graveyard → Core
You need to log in before you can comment on or make changes to this bug.