Seeking Thoughts On ... embed / object / iframe in TW
33 views
Skip to first unread message
@TiddlyTweeter
Jun 8, 2018, 5:35:07 AM6/8/18
to TiddlyWikiDev
My case: I would like to make a TW that often shows in a box other sites.
People warn me: That is dangerous. If you don't know what you are doing a cracker could eat you.
I'd like to be clearer about security of object v. iframe ...
I notice that HTML5 iframe has sandboxing options.
I have no idea if object (being used for pages, NOT video or audio or images) is a safe idea for windowing of remote sites in general.
Before I go on with this I'd appreciate any general comments, thoughts about basic steps I need to look at. Nothing huge, just a pointer or two.
Many thanks for any help
Josiah
People warn me: That is dangerous. If you don't know what you are doing a cracker could eat you.
I'd like to be clearer about security of object v. iframe ...
I notice that HTML5 iframe has sandboxing options.
I have no idea if object (being used for pages, NOT video or audio or images) is a safe idea for windowing of remote sites in general.
Before I go on with this I'd appreciate any general comments, thoughts about basic steps I need to look at. Nothing huge, just a pointer or two.
Many thanks for any help
Josiah
Andreas Hahn
Jun 8, 2018, 8:53:32 AM6/8/18
to tiddly...@googlegroups.com
Hi Josiah,
from what I can tell, in certain browsers, the use of the <object> tag
disallows the javascript contexts of both sites to communicate via
messages. This would be the desired behaviour when embedding things into
your tiddlywiki, as <iframes> where it is allowed are also allowed to
inject javascript into your wiki, effectively taking it over, should it
be a malicious site.
/Andreas
from what I can tell, in certain browsers, the use of the <object> tag
disallows the javascript contexts of both sites to communicate via
messages. This would be the desired behaviour when embedding things into
your tiddlywiki, as <iframes> where it is allowed are also allowed to
inject javascript into your wiki, effectively taking it over, should it
be a malicious site.
/Andreas
@TiddlyTweeter
Jun 8, 2018, 9:14:25 AM6/8/18
to TiddlyWikiDev
Thanks Andreas, that is helpful info.
Reply all
Reply to author
Forward
0 new messages