Ads and tizen API in iframe

By tanrei nama

30 Jul 2013 00:58 English 3 Replies

I would like to place an advertisement on a Web application.
The advertisement was distributed by IFRAME and uses JavaScript.

Usually, the advertisement is safe to the exterior of IFRAME.

However, when this advertisement distributes the script containing tizen API, the security collapses.
There is only one way to make tizen API impossible to use - Leave out 'allow-scripts' from sandbox attribute and forbid JavaScript.

Is there any way to permit JavaScript and NOT permit calling tizen API?

Tizen should adds "allow-tizen-api" option to sandbox attribute of iframe. It is the method of forbidding tizen API in IFRAME.
It is a security probrem. Is there any ideas?

Edited by: Brock Boland on 17 Mar, 2014 Reason: Paragraph tags added automatically from tizen_format_fix module.

Responses

3 Replies

Lakshmi Grandhi

30 Jul 2013 01:40

Hi, Your suggestion has to be considered as part of Web Application Framework, currently Tizen platform supports w3c standards for iframe element. I have created your request as new feature task in JIRA https://bugs.tizen.org/jira/browse/TSDK-163. Kindly follow it for more updates.

Reply to this post
Mark as answer
- Report
- Edit
- Delete

tanrei nama

06 Aug 2013 02:08

Okey, I saw the JIRA comment. Please let me check. As an example, when I place facebook's 'like' button in Web Application, facebook can use all privileges in the application. There is no way to mashup safely. Is it right?

Reply to this post
Mark as answer
- Report
- Edit
- Delete

tanrei nama

06 Aug 2013 02:30

Sorry, I'm misunderstanding. There is no way to place 'http://~' src IFRAME in Web Application. Is it right?

Reply to this post
Mark as answer
- Report
- Edit
- Delete

User Menu

Tizen Developers

Community

Community

Responses

Search form

Languages

Responses