My curiosity and fear of IFRAMES (and PearlTrees again. LOL)

I almost feel like someone at PearlTrees is following my blog.  I mentioned the Flash in Flash inheritance problem as a bad thing, and 2 days later...  when you click on a Pearl containing Flash content, it loads a thumbnail image with an overlay stating, "Page not available in Pearltrees, click to open in a new tab."

And when it opens in a new tab, any addons, blockers, malware/spyware detection, etc. works as YOU would have it work.

A bit about myself.  I'm very serious about being in control of what comes into my browser.  As someone who narrowly evaded identity theft, I religiously use browser add-ons for antivirus and malware/spyware detection, along with ad and Flash blockers.  And currently I'm investigating the importance of having the ability to choose whether or not an IFRAME tag loads.  Since an IFRAME can contain any damned thing, it's pure code injection - could be HTML5, could be JavaScript, could be Flash; an IFRAME is a dirty hole in a web page that oozes infections.  Seriously, the concepts of page "poisoning" and code injection apply here.  Muy mal.  There are browser add-ons/extensions that block scripts, which can be set to block IFRAMES and provide a white list so that you can enable the content if you trust the site.

At the same time, an IFRAME can be used for good.  But the USER must decide on what represents a trusted source (the reason I mentioned script blockers and whitelisting).  So it's another dual edged sword like Flash.  Used for good, it would be a great way to embed HTML5 or JavaScript content into a page to provide functionality.  With the SAAS cloud model (service as application - like Google docs), it would be plausible to add mini-applications in HTML5 or Flash embedded in a page.  (In HTML5 or Flash, if you build your app to be scalar, a user can use pinch to zoom to bring it to a functional size with no change in appearance at all; pixelation or grain from scaling doesn't apply to scalar design.)

If I could move HTML5 development and delivery to the cloud, then it could be delivered in a blog page via an IFRAME - so applications and functionality could be embedded.  But there's the dual edged sword - the IFRAME tag is dangerous.  There's no way around it.
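The whitelist approach mentioned above comes down to a per-frame decision like the one below. This is an added example, not code from any particular add-on; the host names, the sample allowlist and the policy choices (same-origin frames load, third-party frames must be HTTPS and on the list) are assumptions made for illustration.

```javascript
// Added example: allowlist decision logic of the kind an iframe-blocking
// extension applies. All names and sample values here are constructed.

// Hosts the user has chosen to trust (constructed sample values).
const TRUSTED_HOSTS = ["docs.example.com", "*.video.example"];

// True when host equals an entry, or is a subdomain of a "*." entry.
// Matching on the dot boundary keeps "evilvideo.example" from passing
// as "*.video.example", a common mistake with plain suffix checks.
function hostTrusted(host, allowlist) {
  host = host.toLowerCase();
  return allowlist.some((entry) => {
    entry = entry.toLowerCase();
    if (entry.startsWith("*.")) {
      const base = entry.slice(2);
      return host === base || host.endsWith("." + base);
    }
    return host === entry;
  });
}

// Decide what to do with one iframe src found on the page at pageUrl.
function decideFrame(src, pageUrl, allowlist) {
  let url;
  try {
    url = new URL(src, pageUrl); // resolves relative src values
  } catch {
    return { action: "block", reason: "unparseable src" };
  }
  // data:, blob: and similar schemes carry no host the user could have trusted.
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { action: "block", reason: "non-http scheme " + url.protocol };
  }
  // Assumed policy: frames from the page's own origin are not third-party.
  if (url.origin === new URL(pageUrl).origin) {
    return { action: "allow", reason: "same origin as page" };
  }
  if (url.protocol === "https:" && hostTrusted(url.hostname, allowlist)) {
    return { action: "allow", reason: "host on allowlist" };
  }
  return { action: "block", reason: "not an https host on the allowlist" };
}

// Apply the decision to every iframe src collected from a page.
function auditFrames(srcs, pageUrl, allowlist = TRUSTED_HOSTS) {
  return srcs.map((src) => ({ src, ...decideFrame(src, pageUrl, allowlist) }));
}
```

Everything defaults to blocked, so a frame only loads when the user has made an explicit trust decision for its host.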

I promise to do no harm. Makes me want to put up a caduceus symbol on my blog somewhere.
