Simon Willison’s Weblog

10 items tagged “iframe”

premasagar’s sandie. “Sandie is a simple method for loading external JavaScript files into a page without affecting the global scope, to avoid collisions between conflicting scripts”—works by loading the script in an invisible iframe (hence a new global scope) and then passing a reference to a callback function in the parent page. # 6th May 2010, 8:37 pm

JSLitmus. “A lightweight tool for creating ad-hoc JavaScript benchmark tests”. Includes an ingenious hack for graphing the results—it generates a Google Chart, then provides a TinyURL for viewing that chart in the future. The TinyURL is generated by pointing an inconspicuous iframe at the TinyURL API and letting the user copy-and-paste the resulting shortened URL directly out of the iframe. # 28th October 2009, 5:11 pm

Why an OAuth iframe is a Great Idea. Because users should a) learn to be phished and b) not even be given the option to avoid being phished if they know what they’re doing? No, no and thrice no. If you want to improve the experience, use a popup window so the user can still see the site they are signing in to in the background. # 16th July 2009, 8:29 pm

Teaching users to be secure is a shared responsibility

Ryan Janssen: Why an OAuth iframe is a Great Idea.

[... 570 words]

Ehy IE8, I Can Has Some Clickjacking Protection? (via) IE8 has built-in protection against clickjacking, but it’s opt-in (with a custom HTTP header) and IE only. It turns out the usual defence against clickjacking (using framebusting JavaScript) doesn’t work in IE as it can be worked around with a security=“restricted” attribute on an iframe. # 29th January 2009, 1:39 pm

Quickchoice—a Speed Dial clone (via) Lovely demonstration of the CSS transform property, as supported by modern browsers. The magic is all in the “iframe { transform: scale(0.25, 0.25) translate(-1200px, -900px) }”. # 23rd December 2008, 12:49 pm

The Future of Comet: Part 1, Comet Today. Absolutely the best summary I’ve seen of all of the current Comet techniques in one place. # 11th December 2007, 1:13 pm

Background Iframe (bgiframe). jQuery plugin that inserts an iframe shim behind an element in IE, allowing the element to be positioned overlapping a select box without the select box showing through. # 9th August 2007, 2:54 pm

Firefox promiscuous IFRAME access bug. Lets malicious sites “display disruptive or misleading contents in the context of an attacked site” and intercept keystrokes! The demo worked in Camino 1.5 as well. Avoid using Gecko-based browsers until this is patched? # 6th June 2007, 10 am

Cross Domain Frame Communication with Fragment Identifiers. Google are using this crazy iframe/fragment trick for their new Mapplets API. # 31st May 2007, 2:15 pm