[webkit-dev] "Magic Iframe" removal proposed

Dmitry Titov dimich at chromium.org
Mon Mar 19 18:25:26 PDT 2012

On Mon, Mar 19, 2012 at 6:09 PM, Geoffrey Garen <ggaren at apple.com> wrote:

> Hi Dmitry.
> Two thoughts on this:
> (1) If we remove this feature, are Chromium/GMail developers going to
> re-request the other "shared document" features that this feature subsumed?
> Or are y'all now convinced that "shared document" is, in general, not a
> good idea?

On a contrary, 'shared application state' could be a good idea, however
this particular way to implement it unfortunately is very difficult to get
right. There are no Google applications that use this feature currently,
and there is understanding of the costs involved. There is a possibility
that some other idea can both address the potential need and be reliably
implementable at the same time. Workers, for example, are a good case of
limiting the surface that also limits design/maintenance costs. Perhaps
something similar can be proposed for shared state. However, there was a
discussion in Chromium and it appears that ongoing design and maintenance
of magic iframe is not worth the benefit the feature provides for the

> The reason I ask this is that, given your description, I see some problems
> with the shared iframe feature, but I still think it's much better
> than previously proposed alternatives.
> (2) I think you should share your data with the relevant standards bodies,
> and suggest a change to the HTML5 spec, if you haven't done so already. I
> wouldn't want to remove this feature just to add it back later for the sake
> of spec compliance.

Good suggestion, will do. Just wanted to give WebKit community a heads-up...

> Thanks,
> Geoff
> On Mar 19, 2012, at 5:51 PM, Dmitry Titov wrote:
> Hi,
> There is a patch posted <https://bugs.webkit.org/show_bug.cgi?id=81590>for removal of the 'magic iframe' feature. This is the ability to move
> 'live' iframe from one page to another w/o unloading it.
> If you have interest or ideas about this feature, please reply.
> This feature was added 2 years ago (bug here<https://bugs.webkit.org/show_bug.cgi?id=32848>).
> It was intended as a shared app context for complex apps that span several
> pages. In case when random set of pages is closed, the surviving iframe
> could be passed between remaining pages and serve as 'app state'.
> This behavior is somewhat described in HTML5 spec<http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#the-iframe-element>:
> "Removing an iframe from a Document does not cause its browsing context to
> be discarded. Indeed, an iframe's browsing context can survive its original
> parent Document if its iframe is moved to another Document."
> All non-WebKit browsers don't have this and always unload the iframe when
> it is disconnected form the document.
> We did have quite a few issues with this mechanism. The root of the
> problem seems to be that traditionally, multiple 'permissions' and 'live
> objects' are associated with a top-level page, or a top frame of some kind,
> instead of being associated with each Frame. Even HTML specifications often
> formulate the scope of things like permissions in terms of a page - for
> example, geo permissions are computed based on the origin of the page. When
> an iframe is transferred from one page to another, it may enter a different
> set of permissions while already performing operations authorized
> before. Association with the top-level page is also used to determine which
> one should show modal UI for HTTP Auth, per-origin permissions, or
> certificate issues for example.
> As a result, we had quite a few bugs popping up (and fixed).
> This is somewhat obscure feature of the platform. Only a few apps that we
> knew used the feature. Most developers, both app and webkit kind, don't
> even know about it. When new mechanisms/APIs are implemented, a lot of
> objects get associated with Page (WebView) level and they are almost
> 'automatically' broken in case of live iframe transfer because once old
> page closes, it destroys the objects with lifetimes scoped by it. This
> makes it somewhat dangerous and difficult to support. The benefits that it
> gives to the big multi-page applications do not seem to warrant the actual
> complexity of maintaining this feature.
> Other browsers never implemented the feature, siting difficult design due
> to various thorny security issues as well.
> This is potentially a compatibility issue for sites that use
> document.adoptNode(iframe) to ensure live transfer of an iframe from one
> page to another.
> In the future, if there will be sufficient need, it is possible to design
> a 'shared module' feature that would explicitly deal with various
> security/lifetime boundaries.
> Please let us know what you think.
> Thanks,
> Dmitry
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
> http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20120319/4169e38d/attachment.html>

More information about the webkit-dev mailing list