HTML Frames Considered Harmful
DLWormwood writes "Secunia has recently issued yet another advisory about web browser vulnerabilities, this time concerning the use of frames in web pages. Originally discovered to be in Internet Explorer, the security experts apparently worked overtime just to make sure the same "flaw" is found in just about every other browser out there. Doesn't this notice simply complain about a specified design feature of frames? (Note their official "advice": "Do not visit or follow links from untrusted websites.")"
Really, it sucks that there's no visual association between child and parent windows (like a string attaching them, or something). If a dialog comes up from a Javascript, how are you to know what frame it belongs to?
The idea up throwing up dialogs really predates the need to provide a trusted interface to the user.
May we never see th
It seems to me that the whole premise behind this so-called vulnerability is wrong. Frames and windows don't have owners, so there's nothing for the browser to verify.
So yeah, I think the "a specified design feature of frames" thing is pretty close to the truth.
I write in my journal