Skip to content

Commit

Permalink
CSS opacity based on prefers-reduced-transparency media query (#3…
Browse files Browse the repository at this point in the history
…0999)

* CSS `opacity` based on `prefers-reduced-transparency` media query

* Apply suggestions from code review

Co-authored-by: Estelle Weyl <[email protected]>

* update

---------

Co-authored-by: Estelle Weyl <[email protected]>

S
  • Loading branch information
ramiy authored and Tenkir committed Dec 22, 2023
1 parent e0720b2 commit d17b151
Showing 1 changed file with 2 additions and 4 deletions.
6 changes: 2 additions & 4 deletions files/en-us/web/html/element/iframe/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ This element includes the [global attributes](/en-US/docs/Web/HTML/Global_attrib
- `allow-popups`
- : Allows popups (like from {{domxref("Window.open()")}}, `target="_blank"`, {{domxref("Window.showModalDialog()")}}). If this keyword is not used, that functionality will silently fail.
- `allow-popups-to-escape-sandbox`
- : Allows a sandboxed document to open new windows without forcing the sandboxing flags upon them. This will allow, for example, a third-party advertisement to be safely sandboxed without forcing the same restrictions upon the page the ad links to.
- : Allows a sandboxed document to open new windows without forcing the sandboxing flags upon them. This will allow, for example, a third-party advertisement to be safely sandboxed without forcing the same restrictions upon the page the ad links to. If this flag is not included, a redirected page, popup window, or new tab will be limited to the same sandbox restrictions as the originating `<iframe>`.
- `allow-presentation`
- : Allows embedders to have control over whether an iframe can start a [presentation session](/en-US/docs/Web/API/PresentationRequest).
- `allow-same-origin`
Expand All @@ -125,9 +125,7 @@ This element includes the [global attributes](/en-US/docs/Web/HTML/Global_attrib
> - When the embedded document has the same origin as the embedding page, it is **strongly discouraged** to use both `allow-scripts` and `allow-same-origin`, as that lets the embedded document remove the `sandbox` attribute — making it no more secure than not using the `sandbox` attribute at all.
> - Sandboxing is useless if the attacker can display content outside a sandboxed `iframe` — such as if the viewer opens the frame in a new tab. Such content should be also served from a _separate origin_ to limit potential damage.
> **Note:**
>
> - When opening a link from an embedded page with the `sandbox` attribute, the Auxiliary Window is restricted to the same `sandbox` values unless `allow-popups-to-escape-sandbox` is included.
> **Note:** When redirecting the user, opening a popup window, or opening a new tab from an embedded page within an `<iframe>` with the `sandbox` attribute, the new page, popup window or new tab is restricted to the same `sandbox` values. This can create issues, for example, if an embedded page within an `<iframe>` with attribute `sandbox="allow-scripts"` opens a new site in a seperate tab, form submission in that new tab will silently fail. To get around these problems, either include the `allow-popups-to-escape-sandbox` value, or the applicable `sandbox` value to enable the desired behavior.
- `src`
- : The URL of the page to embed. Use a value of `about:blank` to embed an empty page that conforms to the [same-origin policy](/en-US/docs/Web/Security/Same-origin_policy#inherited_origins). Also note that programmatically removing an `<iframe>`'s src attribute (e.g. via {{domxref("Element.removeAttribute()")}}) causes `about:blank` to be loaded in the frame in Firefox (from version 65), Chromium-based browsers, and Safari/iOS.
Expand Down

0 comments on commit d17b151

Please sign in to comment.