Re: [twdev] Seeking Thoughts On ... embed / object / iframe in TW
Thanks Andreas, that is helpful info. On Friday, 8 June 2018 14:53:32 UTC+2, Andreas Hahn wrote: > > Hi Josiah, > > from what I can tell, in certain browsers, the use of the tag > disallows the javascript contexts of both sites to communicate via > messages. This would be the desired behaviour when embedding things into > your tiddlywiki, as where it is allowed are also allowed to > inject javascript into your wiki, effectively taking it over, should it > be a malicious site. > > > /Andreas > > -- You received this message because you are subscribed to the Google Groups "TiddlyWikiDev" group. To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywikidev+unsubscr...@googlegroups.com. To post to this group, send email to tiddlywikidev@googlegroups.com. Visit this group at https://groups.google.com/group/tiddlywikidev. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywikidev/8a994a6e-def9-4c38-ae0d-e3865dc07e2c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [twdev] Seeking Thoughts On ... embed / object / iframe in TW
Hi Josiah, from what I can tell, in certain browsers, the use of the tag disallows the javascript contexts of both sites to communicate via messages. This would be the desired behaviour when embedding things into your tiddlywiki, as where it is allowed are also allowed to inject javascript into your wiki, effectively taking it over, should it be a malicious site. /Andreas -- You received this message because you are subscribed to the Google Groups "TiddlyWikiDev" group. To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywikidev+unsubscr...@googlegroups.com. To post to this group, send email to tiddlywikidev@googlegroups.com. Visit this group at https://groups.google.com/group/tiddlywikidev. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywikidev/b18ff7ed-0b7c-4ecf-1e6f-c1174e01e16a%40googlemail.com. For more options, visit https://groups.google.com/d/optout.
[twdev] Seeking Thoughts On ... embed / object / iframe in TW
My case: I would like to make a TW that often shows in a box other sites. People warn me: *That is dangerous. If you don't know what you are doing a cracker could eat you.*I'd like to be clearer about security of object v. iframe ... I notice that HTML5 iframe has sandboxing options. I have no idea if object (being used for pages, NOT video or audio or images) is a safe idea for windowing of remote sites in general. Before I go on with this I'd appreciate any general comments, thoughts about basic steps I need to look at. Nothing huge, just a pointer or two. Many thanks for any help Josiah -- You received this message because you are subscribed to the Google Groups "TiddlyWikiDev" group. To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywikidev+unsubscr...@googlegroups.com. To post to this group, send email to tiddlywikidev@googlegroups.com. Visit this group at https://groups.google.com/group/tiddlywikidev. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywikidev/1cfcee8b-5cc5-4d9d-a4b9-ba49e2252c9b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
