[Tizen Application-dev] Iframes in web apps

Ryan Ware ware at linux.intel.com
Wed Feb 15 23:45:33 GMT 2012


Tizen enforces same origin policy just like any other WRT environment.  The
may be ways of weakening this in the future with things like CORS or CPS at
some point after they are accepted as standards.  However, that's definitely
the future and not now.

Ryan

> -----Original Message-----
> From: application-dev-bounces at lists.tizen.org [mailto:application-dev-
> bounces at lists.tizen.org] On Behalf Of Pierce, Dean E
> Sent: Tuesday, February 14, 2012 1:49 AM
> To: Ed Nurse
> Cc: application-dev at lists.tizen.org
> Subject: Re: [Tizen Application-dev] Iframes in web apps
> 
> If there was a way to programmaticly give yourself access to arbitrary
> domains that would be a same-origin nightmare :-)  I am not completely
> familiar with the Tizen SDK, but you may be able to set access to
> *.com *.net etc.  Again, I'm not sure if the Tizen SDK will let you do
> this (hopefully not) but you should not give access to the * domain.
> That is the web equivilant of running as root, so any javascript
> injections would allow an attacker full access to the web context of
> your browser.
> 
> Once more, I am making all of this up based on my previous experience
> with webkit based runtimes, but it's about time I dig into this and
> really check out how the Tizen SDK really behaves with respect to same
> origin policy.  Hopefully I can respond in a bit with a more informed
> suggestion.
> 
>     - DEAN
> 
> On Tue, Feb 14, 2012 at 01:33, Ed Nurse <ednurseuk at yahoo.co.uk> wrote:
> > Hi,
> >
> >
> > I want to create a app effectively containing an embedded web browser. I
> have implemented this as a web app containing an iframe, however this
> gives me 2 problems:
> >
> >  - I can only specify the domains that I can access via the "Access" tab
> in config.xml at compile time, thus severely reducing what sites can be
> accessed. Is there a way round this?
> >  - I have sized my iframe to fill the part of the screen not being used
> by my app, but I cannot scroll at all within the iframe, meaning I can
> only see the top-left of the remote page. Is this a known limitation?
> >
> > Cheers
> >
> > E
> >
> >
> > ---------- Forwarded message ----------
> > From: Ed Nurse <ednurseuk at yahoo.co.uk>
> > To: "application-dev at lists.tizen.org" <application-dev at lists.tizen.org>
> > Cc:
> > Date: Tue, 14 Feb 2012 09:06:55 +0000 (GMT)
> > Subject: Iframes in web apps
> > Hi,
> >
> > I want to create a app effectively containing an embedded web browser. I
> have implemented this as a web app containing an iframe, however this
> gives me 2 problems:
> >
> >  - I can only specify the domains that I can access via the "Access" tab
> in config.xml at compile time, thus severely reducing what sites can be
> accessed. Is there a way round this?
> >  - I have sized my iframe to fill the part of the screen not being used
> by my app, but I cannot scroll at all within the iframe, meaning I can
> only see the top-left of the remote page. Is this a known limitation?
> >
> > Cheers
> >
> > Ed
> >
> > _______________________________________________
> > Application-dev mailing list
> > Application-dev at lists.tizen.org
> > https://lists.tizen.org/listinfo/application-dev
> >
> _______________________________________________
> Application-dev mailing list
> Application-dev at lists.tizen.org
> https://lists.tizen.org/listinfo/application-dev



More information about the Application-dev mailing list