And due to the seamless way webviews are implemented, a nontechnical user would have no way of knowing that they’re actually viewing a completely unaffiliated website in context of the native app.įor example, a few years ago we got word that an Android app was embedding Soundslice’s free MusicXML file viewer. Each has a specific example, and in almost each case I have direct experience in my work running Soundslice.Ī native app can make misleading claims about the websites that it frames. Why, precisely, is this bad? Here are four reasons. In a web context, it’s maligned in a native app context, it’s totally ignored. Somewhere along the way, despite a reasonably strong anti-framing culture, framing moved from being a huge no-no to a huge shrug. These native apps aren’t (for the most part) putting advertising around websites - but they’re maintaining control over the user’s browsing experience, sometimes spying on users, and providing various problems for the framed websites, with zero recourse available for the users or website owners.
It’s TotalNews - but for the 2020s, and much worse. But this time, the framed website has no way to framebust. Seem familiar? This is framing, merely in app form.
It looks like a separate browser, but in fact it’s still the Twitter app in disguise. It doesn’t identify itself as Twitter anywhere, and it looks, well, pretty plain.īut in fact, this is something entirely different - a more ephemeral thing called a “webview” or “in-app browser.” This is a way for a native app to embed a mini web browser, while asserting control over the user experience and attaching UI, functionality and other cruft. To the untrained eye, this appears to be my phone’s web browser. Instead, the app embeds the web page directly, so you don’t leave their environment.įor example, here’s what I got in the Twitter iOS app when I clicked the link in one of Simon Willison’s recent tweets: If you click a web link in the native Facebook, Instagram, Reddit or Twitter apps on your smartphone, you won’t be taken to your phone’s web browser. Framebusting is more or less a solved problem. And lovely web frameworks such as Django provide protection, via that header, out of the box. These days, framebuster scripts are no longer necessary, because websites can use a special HTTP header, X-Frame-Options, to block framing in an elegant and effective way. Imagine typing your bank credentials into (what you think is) your bank website, whereas it’s in fact an evil site logging everything you’ve typed. That’s when, for example, a website frames your site, then hijacks user input such that users are fooled into thinking they’re interacting with your site while they’re actually providing data to the (evil) containing site. Over time, web developers and security researchers realized there’s a more serious reason a website would want to protect against framing: clickjacking. (See this excellent 2010 review of framebusting techniques and its accompanying slide deck for a technical overview.) This is essentially website self-defense. This is the technique of putting some JavaScript in your site to check whether it’s currently being framed - and “breaking out of” the frame as needed. So much, in fact, that “framebuster” scripts became popular. This established a precedent, if not legally then at least culturally: Framing without permission was not OK.īut the shady practice continued. TotalNews, Inc., et als., was settled out of court, and TotalNews was prohibited from embedding the sites going forward. So in February 1997, a group of them sued. Somehow news sites didn’t appreciate TotalNews misappropriating and profiting from their content. My own web browsing at the time was spent on Pearl Jam fan sites, so I never saw TotalNews firsthand, but this snapshot from December 1996 provides a vague picture. Yeah, it was the early, wild west days of the web - but you have to admire their chutzpah. It was only fair for them to be compensated with ad revenue for providing this incredible convenience. Naturally, TotalNews added advertising around the news as well. (Because, well, it was literally those other websites.)
Using a new technology called the HTML element, TotalNews embedded the top American news sites - content, design and everything! - in such a way that the news was always fresh.
Why not make a single website that itself contained all the top American news websites, directly embedded within?Īfter all, why should people go to the trouble of visiting the Washington Post or New York Times websites directly? On, the websites would be available in one place, with easy navigation. TemplateUrl: ' by Adrian Holovaty on August 10, 2022īack in 1996, the website had a brilliantly evil idea. System.import('app').catch(function (err) from "ag-grid-angular/main" Ag-grid master detail enterprise - Plunker
0 kommentar(er)
