Site authors should have the ability to prevent other sites from using their sites' content in a frame. While this can already be accomplished using a scripting language like Javascript, it should be possible to implement using plain HTML 5.
It is not right to force site authors to rely on Javascript or other scripting languages to break out of frames. Many browsers have Javascript disabled. Running Javascript also has a performance cost, even if it is very slight.
Under the current HTML 5 specification, web pages that are not compliant with HTML 5 can place an HTML 5 page in a frame. Nothing currently in the HTML 5 specification prevents an HTML 5-compliant browser from displaying an HTML 5 page in a frame set by a different, non-HTML 5 page. This situation should not stand.
Proposal
Thus is proposed for HTML 5 a new attribute for the HTML tag: framing. The default for the attribute would be set to "allow."
When the attribute is set to "allow", browsers must display an HTML 5 page as stated elsewhere in the HTML 5 spec. The web page would be frameable. For example,
- Code: Select all
<html framing="allow">
- Code: Select all
<html>
Both do the same. If an HTML 5 page is so coded, and the page is framed, a browser should display the page in the frame.
If an HTML 5 page's HTML element has framing="deny", a browser must not display the page within a frame. This includes an iframe. Instead of the framed page, browsers may show either a blank page or an explanatory message.
- Code: Select all
<html framing="deny">
A browser must not frame an HTML 5 page with the above tagging. Instead the browser must show either a blank page or an explanatory message.
The third and final possible value for the attribute is next. If an HTML 5 page's HTML element has the attribute framing="takeover", a browser must not display the page within a frame. Instead of the framed page, the browser must treat the frame src call as an href that has been selected. All frames on the current page should be dropped and the browser should proceed to the "framed page" in an unframed manner.
- Code: Select all
<html framing="takeover">
A browser must not frame an HTML 5 page with the above coding. Instead the browser must display this page unframed, taking over the browser window.
There is slightly different behavior for iframe. A page in an iframe with framing="takeover" should be treated the same way as framing="deny". The reason is that an iframe is usually small and meant only for a specific purpose. Therefore taking over the entire page would not be appropriate.
Notes
At this point, error handling should be addressed. If framing is set to anything other than "allow", "deny", or "takeover", that is an error. In such a case, a browser should treat the page as if framing were set to "allow."
If a framing web page frames multiple web pages while more than one has framing="takeover", the first such page listed will "takeover" the page. The other "takeover" pages will not be displayed.
For reason of ease of implementation, a browser may briefly display a page with framing="deny" or "takeover" in a frame if the browser quickly switches to a blank page, the explanatory message, or the takeover page, as appropriate.
Site authors may wish for additional complexity. For example, "allow framing by certain domains but not others," or "if the page is framed, don't display the content but instead display a link to my site." Such cannot be accomplished using only the framing attribute. For site authors desirous of such complexity, there are many useful tools available, including Javascript.
Why
Framing is controversial because it often breaks page navigation and bookmarking. It tends to confuse people about who owns what web page. In some cases, framing can lead to intellectual property concerns. Links to framing pages may give search engine rank to the framing site instead of the content site. It is difficult to print framed pages. It is difficult for a screenreader to handle framed pages. Many site authors do not want their sites framed for aesthetic reasons. If one does not want one's content to be used to publicize another site, one should have that right. If a web developer does not want his site framed for any reason, browsers should honor that decision.
Implementation
I believe the framing attribute would be relatively simple for browsers to implement. Once browsers begin to implement it, many HTML 5 developers are likely to quickly adopt it. Web site authors will have a useful new tool that saves time and headaches, is simple to use, and does not require a scripting language.
As browsers begin to support HTML 5 and the framing attribute, the control of site authors will be increased. Site authors may nevertheless still see a need to use scripting to dispose of frames, because there will still be browsers that do not recognize the framing attribute. Yet, over time, the number of such browsers should decrease as HTML 5 flourishes.
Summary
The attribute 'framing' to the HTML element would be a useful addition to the HTML 5 specification.
If there is some mistake in this proposal, it is my responsibility. Thank you.