[Zope] Zope ZMI Templates
Tino Wildenhain
tino at wildenhain.de
Thu Jan 17 03:01:32 EST 2008
Andreas Jung wrote:
...
> Iframes are still a valid choice in case asynchronous won't work, e.g.
> when you need to load resources from servers != your origin server. Due
> to the security model of asynchronous requests, a browser will only load
> stuff from the origin server. Iframes are a way to work around this
> limitation - ugly as you said, but sometimes a good workaround.

Not only ugly but also very much a security threat. Been there, seen a lot
of important sites fall on their noses when it comes to CSS* and friends.
Better find another solution in such cases and allow users to disable
support for iframes for better security.

*) here: cross-site scripting

Regards
Tino