HTML and CSS Reference
In-Depth Information
To quote the HTML5 spec: “The
sandbox
attribute, when specified, en‐
ables a set of extra restrictions on any content hosted by the
iframe
. Its
value must be an unordered set of unique space-separated tokens that
are ASCII case-insensitive. The allowed values are
allow-forms
,
allow-
same-origin
,
allow-scripts
, and
allow-top-navigation
. When the
attribute is set, the content is treated as being from a unique origin,
forms and scripts are disabled, links are prevented from targeting other
browsing contexts, and plug-ins are disabled. To limit the damage that
can be caused by hostile HTML content, it should be served using the
text/html-sandboxed
MIME type.”
var
getFrame
=
function
()
{
var
frame
=
document
.
getElementById
(
"temp-frame"
);
if
(
!
frame
)
{
// create frame
frame
=
document
.
createElement
(
"iframe"
);
frame
.
setAttribute
(
"id"
,
"temp-frame"
);
frame
.
setAttribute
(
"name"
,
"temp-frame"
);
frame
.
setAttribute
(
"seamless"
,
""
);
frame
.
setAttribute
(
"sandbox"
,
"allow-same-origin"
);
frame
.
style
.
display
=
'none'
;
document
.
documentElement
.
appendChild
(
frame
);
}
// load a page
return
frame
.
contentDocument
;
};
var
insertPages
=
function
(
text
,
originalLink
)
{
var
frame
=
getFrame
();
//write the ajax response text to the frame and let
//the browser do the work
frame
.
write
(
text
);
//now we have a DOM to work with
var
incomingPages
=
frame
.
getElementsByClassName
(
'page'
);
var
pageCount
=
incomingPages
.
length
;
for
(
var
i
=
0
;
i
<
pageCount
;
i
++
)
{
//the new page will always be at index 0 because
//the last one just got popped off the stack with
//appendChild (below)
var
newPage
=
incomingPages
[
0
];
//stage the new pages to the left by default
newPage
.
className
=
'page stage-left'
;
//find out where to insert
var
location
=
newPage
.
parentNode
.
id
==
'back'
?
'back'
:
'front'
;
