is it really needed to show a page just because their URL was typed?especially since such an included/iframed page can easily be used for tracking purposes and it becomes especially annyoing when you just type your domain to show which domain you used for LE or whatever na dthen you cnanot see the domain.
I wish to request that unless specified a URL should always be either non-clickable or just a link maybe depending on the rank of the user, but never be iframed, beucase it’s easy that a potential malware domain gets iframed and even if just because of a typing mistake (domainsquatting by some other entity)
I think only special sites are oneboxed, like Google Docs. But I don’t like iFrames here either, I think they should be disabled. All other oneboxing is fine, but no iFrames please.
Oneboxing is a general term for these things. If you post a link to GitHub or another thread here on a separate line, it’s not iframing it but instead just shows a snippet, so basically inlining external content.
well that’s actually not bad, but there should be a way to set stuff about that on a per-user basis, especially when sites get iframes as was especially seen with the LE beta form, because an iframe can track users and tracking is evil.
If you think IFRAMES are evil on all websites, just download noscript to block them (“Embedding” tab and check “Forbid IFRAME”, “Apply these restrictions to whitelisted sites too”).
AFAIK Discourse does not use iframes (as also indicated by this thread which only shows an experimental implementation of this).
Like it was already said Discourse uses Oneboxes, where you cannot be tracked.
The only thing I saw on Discourse forums embedded, which may track you, are video embeddings like embedded YouTube videos. There is still no IFrame used but YouTube may track your site visit if you visit such a site - but hey, embedded YouTube videos are everywhere on the web…
Regardless of whether oneboxing is used, I oppose ANY use of iframes. They should not be in the HTML standard. But I also oppose oneboxing in general unless the poster gives permission first.
About “noscript”, which I assume is a browser add-on, just because a workaround is available is not an excuse to do something the wrong way.
well the onebox is an intresting idea and not an iframe at all. it’s more like the foru parses part of the page and includes it server-side, as far as i can get it correctly, but still there should be a setting for the poster to shut off the onebox and/or the iframe, while latter shouldnt even be in this forum by default…
also iframe isnt a bad concept in general it’s similar to goto eval or exec in PHP, which are hated for legit reasons but they also have legit uses (exec for example can use inkscape to convert and SVG to PNG, imagick is junk, I already tested that one, eval can be useful for dynamically building if-clauses, and goto is an easy way to jump out of your condition and a lot easier to handle than a Multi-level break.