언어 설정

Menu
Sites
Language
Ads and tizen API in iframe

I would like to place an advertisement on a Web application.
The advertisement was distributed by IFRAME and uses JavaScript.

<iframe src="http://ads.com/ads.html" sandbox="allow-scripts"></iframe>

Usually, the advertisement is safe to the exterior of IFRAME.

However, when this advertisement distributes the script containing tizen API, the security collapses.
There is only one way to make tizen API impossible to use - Leave out 'allow-scripts' from sandbox attribute and forbid JavaScript.

Is there any way to permit JavaScript and NOT permit calling tizen API?

Tizen should adds "allow-tizen-api" option to sandbox attribute of iframe. It is the method of forbidding tizen API in IFRAME.
It is a security probrem. Is there any ideas?

 

Edited by: Brock Boland on 17 3월, 2014 Reason: Paragraph tags added automatically from tizen_format_fix module.
목록

Responses

3 댓글
Lakshmi Grandhi
Hi, Your suggestion has to be considered as part of Web Application Framework, currently Tizen platform supports w3c standards for iframe element. I have created your request as new feature task in JIRA https://bugs.tizen.org/jira/browse/TSDK-163. Kindly follow it for more updates.
tanrei nama
Okey, I saw the JIRA comment. Please let me check. As an example, when I place facebook's 'like' button in Web Application, facebook can use all privileges in the application. There is no way to mashup safely. Is it right?
tanrei nama
Sorry, I'm misunderstanding. There is no way to place 'http://~' src IFRAME in Web Application. Is it right?