Monday, April 13th, 2009
We’ve all seen iframes used in an attempt to allow you to surf away from site A to site B whilst still allowing site A to inject some sort of presence into the experience. As Marcus Westin puts it:
“iframing” by some, e.g. facebook and digg, adds value to your site; iframing by others, e.g. meebo.com.br, detracts value. There is no way for the user to pick and choose, because of cross domain policies.
Marcus has an idea for solving this problem:
Say digg.com wants to iframe http://blog.narcvs.com/?p=55. I permit this, along with say facebook.com and marcuswestin.com, but I don’t want anyone else to iframe my site. On blog.narcvs.com, I just include the oframebust script and list the domains I want to allow:HTML
- oFrameBust('digg.com', 'www.facebook.com', 'www.marcuswestin.com');
Then when digg wants to iframe me, they pass in the oframebust parameter declaring their domain:
The oframebust script automatically detects the oframebust GET parameter, and uses it to create an iframe to http://digg.com/oframebust.html – since this page lives on the digg.com, it is allowed to read the top.location.hostname – if the top frame indeed is digg.com!
Read more about it in Marcus’ announcement post. As he explains in the post, his protocol succeeds only if the iframers and the iframees both pick up and run with the idea.
oframebust succeeds or fails with the community, and I would love to see if we can get people to start using it.
Posted by Ben Galbraith at 11:00 am