Jump to content

No More Iframes?


Yellow ants

Recommended Posts

I've been keeping our profile information in a page on my own webserver and included it on our gc.com profile page with an iframe, which has worked flawlessly so far. However, now I see that the iframe doesn't show up anymore - and it's not that it's not loading, the tag simply isn't in the HTML.

 

Has this been changed by TPTB? If so, shouldn't there be an announcement somewhere?

Link to post
What's wrong with filling out your profile the right way? :unsure:

 

I believe there was no place that said that using an iframe was "the wrong way", only that the html in your profile needed to be less than X characters (that limit, by the way, isn't written anywhere conspicuous).

 

But since you're asking, it saves me from having to edit it more than once if I want to display my profile in different contexts.

Edited by Yellow ants
Link to post
I believe there was no place that said that using an iframe was "the wrong way", only that the html in your profile needed to be less than X characters (that limit, by the way, isn't written anywhere conspicuous).

 

Just double-checked, and the "Edit Profile" page says nothing about the kind of HTML allowed (or, as is the case, disallowed) in the profile pages. Neither does the Terms of Service. Nowhere do I see an indication of a "right" and a "wrong" way to fill out my profile.

Link to post

What's wrong with filling out your profile the right way? :unsure:

What's wrong with being helpful instead of being a jerk right off the bat?

 

Oh wait a minute, I do the same thing sometimes.

 

Nevermind, I take it back. Keep up the good work.

Link to post

I've been keeping our profile information in a page on my own webserver and included it on our gc.com profile page with an iframe, which has worked flawlessly so far. However, now I see that the iframe doesn't show up anymore - and it's not that it's not loading, the tag simply isn't in the HTML.

 

Has this been changed by TPTB? If so, shouldn't there be an announcement somewhere?

 

FWIW, I seem to be having the same problem with my profile, which has a javascript link that worked fine up until today.

Link to post

The "security risk" is with the person viewing the page, and not to the GC server farm. Based on this, why not allow iframes as a benefit to members? If someone unleashes something via an iframe, their account could be disabled and profile scrubbed. Much less risk from member profile pages.

 

My Two Bits

-Chris

Link to post

At some point the security features of the profile pages were disabled. I have re-enabled them.

 

The "security risk" is with the person viewing the page, and not to the GC server farm. Based on this, why not allow iframes as a benefit to members? If someone unleashes something via an iframe, their account could be disabled and profile scrubbed. Much less risk from member profile pages.

 

Not sure how giving people the ability to make other people's browsers vulnerable is a "benefit to members." I do understand that you would like to use IFrames and empathize with that, but at the same time we have to ensure that we're doing the right thing in making our pages safe.

Link to post
Not sure how giving people the ability to make other people's browsers vulnerable is a "benefit to members." I do understand that you would like to use IFrames and empathize with that, but at the same time we have to ensure that we're doing the right thing in making our pages safe.

 

Yeah, so now I'll just have to include my XSS attack page as a link saying "Click here to see my profile" instead of in an iframe. I can see how that makes people more secure. :rolleyes:

 

(More) seriously, how about allowing it for Premium Members? Once you've got my credit cards details I'd imagine it'd be quite easy to sic the police on me if I don't play nice.

 

At some point the security features of the profile pages were disabled. I have re-enabled them.

 

You have also disabled the "security" features on the TB pages, who happily accept iframes. Still.

Link to post

Was very saddened to see this last night. My profile webpage was at least 50x the allowable character limit given. Is there a way to display this data out side of putting a huge image up of my actual webpage? For now, I will just have to only have a link in my profile, which seems to be just as bad as allowing iframes?

 

Sigh...

 

-HiDude_98

Link to post

If this thread is being used as a petition to re-enable iFrames, then count me in! Like the others that have posted, and the others that haven't yet, I liked that ability to store the over-the-limit amount of characters. One of the main reasons is that I like to track my FTF's. I have been using my profile page to do that for a long time because there is not something on gc.com that does that for me. (That is the bulk of my page anyway, so if gc.com would create this tab, I woudn't need much more.)

 

I'm just wondering how many of my cache pages are screwed up now since the "security" has been re-enabled...

 

Stratman

Link to post
a link saying "Click here to see my profile" instead of in an iframe. I can see how that makes people more secure. ;)

I think the point is that if any nefarious code is included in an iframe, it appears to a user as coming from geocaching.com. So if someone is attacked that way they would blame Groundspeak. But if they click through to another website, then they can no longer blame Groundspeak. Seems like self-preservation on Groundspeak's part.

Link to post

[stolen from Scott Adams.]

 

Confirmation Bias

Have you heard of something called the confirmation bias? Researchers discovered that when people hear an argument that opposes their viewpoint, the rational part of the brain takes a coffee break and the emotional side takes over. The irrational part of your brain then reinterprets reality in a way that lets you keep your dumb viewpoint against all common sense and evidence.

 

For example, if you and I had an argument about whether creatures could fly by flapping their wings, common sense would tell you that pointing to birds flying overhead would end the debate. But it wouldn’t. Whoever held the opinion that creatures can’t fly by flapping wings would argue that birds aren’t actually creatures, or that it’s the feathers that let them fly, not just the wings, or that humans can’t flap their arms and fly. In other words, the loser of the debate would start saying stuff that sounds incredibly stupid to everyone except the person saying it. That’s the confirmation bias at work.

 

 

It seems to fit.

Edited by LaPaglia
Link to post

But if they click through to another website, then they can no longer blame Groundspeak. Seems like self-preservation on Groundspeak's part.

 

It's more on the lines of giving the user a choice. They choose to visit Geocaching.com and trust the site. They can, if they so choose, click on a link outside of geocaching.com, but no one is forcing them to surf on another site. An IFrame removes that user's choice.

 

Groundspeak CYA is a long second.

Link to post
[stolen from Scott Adams.]

 

Confirmation Bias

Have you heard of something called the confirmation bias? Researchers discovered that when people hear an argument that opposes their viewpoint, the rational part of the brain takes a coffee break and the emotional side takes over. The irrational part of your brain then reinterprets reality in a way that lets you keep your dumb viewpoint against all common sense and evidence.

 

For example, if you and I had an argument about whether creatures could fly by flapping their wings, common sense would tell you that pointing to birds flying overhead would end the debate. But it wouldn't. Whoever held the opinion that creatures can't fly by flapping wings would argue that birds aren't actually creatures, or that it's the feathers that let them fly, not just the wings, or that humans can't flap their arms and fly. In other words, the loser of the debate would start saying stuff that sounds incredibly stupid to everyone except the person saying it. That's the confirmation bias at work.

 

 

It seems to fit.

 

I wish I knew which post this was aimed at... I can only guess, I think I know, but still...

Link to post
It's more on the lines of giving the user a choice. They choose to visit Geocaching.com and trust the site. They can, if they so choose, click on a link outside of geocaching.com, but no one is forcing them to surf on another site. An IFrame removes that user's choice.

 

Groundspeak CYA is a long second.

 

But I can still include images from different servers on my pages. These images might be autogenerated by a server-side script that gathers information about the visitor or even be maliciously crafted remote exploits. It seems inconsistent to block some exploits and "allow" others.

 

vipersig.jpg

 

Basically, I can understand why you disallow iframes. What I don't understand is why you don't make it clear in the "Edit Profile" page or somewhere else what is and what is not allowed, and why you're apparently only blocking some exploits.

Link to post

But if they click through to another website, then they can no longer blame Groundspeak. Seems like self-preservation on Groundspeak's part.

 

It's more on the lines of giving the user a choice. They choose to visit Geocaching.com and trust the site. They can, if they so choose, click on a link outside of geocaching.com, but no one is forcing them to surf on another site. An IFrame removes that user's choice.

 

Groundspeak CYA is a long second.

 

I understand the concept of giving the user a choice, but if I put a link on my profile page, users will generally have no inhibitions around clicking on the link. Someone with harmful intent could exploit this environment easily. If protecting users and giving them a choice is paramount, perhaps we should not be using HTML at all. I don’t advocate this at all, but I’m just taking the most “radical” position. If a member posts an iframe with malicious content, suspend the account and wipe the profile page. For those of us who are just wanting to enjoy the Geocaching experience to the utmost, why not trust us…? We have paid for a membership, and I for one, would not pay for a membership if I was going to post malicious content. Put a blurb on the TOS for GC and state that iframes may be in use and GC can not be held liable for any damages that may result… or something to that effect.

Another 2 cents… I’m up to $.04 now.

-Chris

Link to post

 

I understand the concept of giving the user a choice, but if I put a link on my profile page, users will generally have no inhibitions around clicking on the link.

 

So there's no problem then. People can click on the link.

Link to post

 

I understand the concept of giving the user a choice, but if I put a link on my profile page, users will generally have no inhibitions around clicking on the link.

 

So there's no problem then. People can click on the link.

 

Ok, so that was a bit out of context. My question is basically at what point does a website become so restrictive that it boarders on oppressive, and the experience is not fun anymore? I’m not trying to cause a firestorm, or a revolution; I’m simply trying to make a point. I have thoroughly enjoyed my Geocaching experience, and creating my profile page to chronicle my progress. I have never posted or coded anything that could be even remotely be considered a security risk. What is my alternative to iframes with the GC limit of 5000 characters, and still be able to integrate into my profile page?

 

Thx,

-Chris

Link to post

 

I understand the concept of giving the user a choice, but if I put a link on my profile page, users will generally have no inhibitions around clicking on the link.

 

So there's no problem then. People can click on the link.

 

Ok, so that was a bit out of context. My question is basically at what point does a website become so restrictive that it boarders on oppressive, and the experience is not fun anymore?

 

I don't know. I'm guess you think it happens when Groundspeak restricts Javascript and iframes due to security concerns.

 

Your alternative is to build a web site on the plethora of services available on the Internet. At least until we can provide more space on profile pages for you, or other - safer - services to accomodate your request.

Link to post
My question is basically at what point does a website become so restrictive that it boarders(sic) on oppressive, and the experience is not fun anymore?

:( Oppressive! Really! :D

Firstly you are being offered a service by this website, and they offer you the oppertunity to put up a profile free of charge, one could hardly fault them for trying to protect themselves and others! I still can't get over the use of the word oppression! Have you ever really been oppressed?! I am guessing that the answer would be no! If you want to talk about oppression, you can come have a sitdown with my girlfriend who grew up in the former Soviet Union! I mean I understand that you are frustrated, but it's neccessary to keep perspective!

Link to post

Anything that improves security for less savvy users is GOOD.

I was unaware that GC.com was an avenue for practicing web skills. I thought it was a site about finding 'tupperware' in the 'bushes'.

 

For crying out loud people GROW UP. I am sure there are plenty sites out there that will allow you to strutt your programming prowess, this is not one of them. If you don't like it go to a caching site that allows it.

Just 'cos you can post some script kiddie stuf with incorrect info on it doesn't mean that GC.com isn't blocking some exploits. (Refering to the funny guy holding a sign that is not my I.P. address)

Link to post

 

I understand the concept of giving the user a choice, but if I put a link on my profile page, users will generally have no inhibitions around clicking on the link.

 

So there's no problem then. People can click on the link.

 

Ok, so that was a bit out of context. My question is basically at what point does a website become so restrictive that it boarders on oppressive, and the experience is not fun anymore?

 

I don't know. I'm guess you think it happens when Groundspeak restricts Javascript and iframes due to security concerns.

 

Your alternative is to build a web site on the plethora of services available on the Internet. At least until we can provide more space on profile pages for you, or other - safer - services to accomodate your request.

 

I did build a web site, my GC Profile page is a page that is hosted with my family web page. I own my own domain name and administer my own email. The reason I decided to start using iframes was based on the fact that GC.com is not in the business of hosting web pages, nor should they be in my opinion. I hosted my page off my own site to offload that from the GC.com server farm. I was taking the approach that I was being a “good citizen” and preserving as much of the precious bandwidth that GC.com serves up to keep the response time down for the web pages.

 

I would not be opposed to paying a “profile fee” to remove the character restriction on the profile pages, of course with that, I do use a couple of java scripts on some of my cache pages (I have a time/date calculator for the Getting the Goose #50 that cachers can calculate their time for the Goose run). I would be willing to link to those java applets (hosted on my own page with no iframe) and pay a “profile fee” of something like the following…

 

My profile page is at about 36K characters right now, and about 40KB in size.

 

0-5K - included in member price

5k-100K - $5/yr

 

Here’s another idea, instead of trying to jam all this into the profile page space, how about a separate FTP account that is linked to our GC name? A separate fee could be charged and quotas set on space versus a character limit. The same security rules could apply with the FTP space, no java, no iframes, etc, only allow static web pages to be uploaded (the .Net framework has some good FTP upload portals). A couple of MBs of space would surely do the trick, and would generate another revenue stream for GC.com. I would be at the front of the line to pay for a “profile service”.

 

Thanks again for taking the time Jeremy,

-Chris

Link to post
My question is basically at what point does a website become so restrictive that it boarders(sic) on oppressive, and the experience is not fun anymore?

<_< Oppressive! Really! :ph34r:

Firstly you are being offered a service by this website, and they offer you the oppertunity to put up a profile free of charge, one could hardly fault them for trying to protect themselves and others! I still can't get over the use of the word oppression! Have you ever really been oppressed?! I am guessing that the answer would be no! If you want to talk about oppression, you can come have a sitdown with my girlfriend who grew up in the former Soviet Union! I mean I understand that you are frustrated, but it's neccessary to keep perspective!

 

Let’s try to keep things in perspective, I agree…

 

My conversation was not with you, and I empathize with your girlfriend who was most certainly oppressed. With regards to the service provided for free, you are entirely off base on this one. I have paid my membership fee to GC.com, and while you enjoy the services the GC.com offers for free, I have paid for mine as have many others. This is due entirely to the fact that there are additional services that GC.com offers, and I am willing to pay for the use of them.

 

Regards,

-Chris

Link to post

Anything that improves security for less savvy users is GOOD.

I was unaware that GC.com was an avenue for practicing web skills. I thought it was a site about finding 'tupperware' in the 'bushes'.

 

For crying out loud people GROW UP. I am sure there are plenty sites out there that will allow you to strutt your programming prowess, this is not one of them. If you don't like it go to a caching site that allows it.

Just 'cos you can post some script kiddie stuf with incorrect info on it doesn't mean that GC.com isn't blocking some exploits. (Refering to the funny guy holding a sign that is not my I.P. address)

 

GeoMire <-- has grown up!

 

1. I am not a programmer

2. I host my own family web site on my own domain

3. I have very little prowess with regards to programming

4. I don’t strut - at least I don’t think I do (exception: I do strut when FTF-ing)

5. Someone else posted the icon with the IP address

6. The IP address is probably yours, you are just likely sitting behind a proxy and that’s the IP that is being shown

7. I am a Geocacher

8. * (for anything I left out; programmers strutting with prowess will understand the use of ‘*’)

 

Regards,

-Chris

Link to post

My conversation was not with you

It was on a public forum so your conversation was with whoever felt like responding! <_<

With regards to the service provided for free, you are entirely off base on this one. I have paid my membership fee to GC.com, and while you enjoy the services the GC.com offers for free, I have paid for mine as have many others. This is due entirely to the fact that there are additional services that GC.com offers, and I am willing to pay for the use of them.

And those are the services that you pay for, not the profile page!

Link to post

I prefer to have a link to my own site where I can get as fancy and detailed as I want to. The HTML editing in a text area is not super robust.

 

If people are interested in Geoblank they can follow my link. If they are not interested that is fine.

 

I prefer to keep the gc.com site as safe and secure as possible. That will aid in server uptime as well as potential cost issues when someone for fun tries some script injection.

 

http://www.teamblank.com - lame link right now though ;) Come back next year...

Link to post

Well, I was using an IFRAME on my profile page to display a Google map w/ the caches I've found in the last 30 days on it. Now that I can't display it any more like this, how about adding something similar as a premium member feature directly on geocaching.com? Would save me the work of running the query in GSAK and updating the map by hand anyway...

Link to post

I know this thread is about iframes but... it seems to have digressed to space for profile pages.

 

I would like to propose that each geocacher be given a maximum amount of sapce for one's profile using the following formula:

 

5k+ (number of finds)*0.01k + (number of hides)*1k

 

That way it becomes a geocaching issue. It translates into: the more you find and hide, the more space you get to flaunt it. :P Keep on caching!

Link to post

I know this thread is about iframes but... it seems to have digressed to space for profile pages.

 

I would like to propose that each geocacher be given a maximum amount of sapce for one's profile using the following formula:

 

5k+ (number of finds)*0.01k + (number of hides)*1k

 

That way it becomes a geocaching issue. It translates into: the more you find and hide, the more space you get to flaunt it. :P Keep on caching!

Oh yea, that is in no way going to encourage anyone to log fake finds just to get more profile space. :P

Link to post

I know this thread is about iframes but... it seems to have digressed to space for profile pages.

 

I would like to propose that each geocacher be given a maximum amount of sapce for one's profile using the following formula:

 

5k+ (number of finds)*0.01k + (number of hides)*1k

 

That way it becomes a geocaching issue. It translates into: the more you find and hide, the more space you get to flaunt it. :P Keep on caching!

 

The profile page is where the use of iframes is nice. You can create your own profile page, host it on your own server (GC does not have to worry about space or bandwidth) , and the iframe statement allows you to have it embedded into your GC profile page.

 

-Chris

Link to post

It isn't about the bandwidth.

 

The profile limit is what, 5k?

 

Yet I can upload picture after picture after picture with no limit.

 

It is something else. I suspect it has to do with the buffer space for the typed in text, that's easy to solve. Let me upload a file.

 

Paul

Link to post

It isn't about the bandwidth.

 

The profile limit is what, 5k?

 

Yet I can upload picture after picture after picture with no limit.

 

It is something else. I suspect it has to do with the buffer space for the typed in text, that's easy to solve. Let me upload a file.

 

Paul

 

There is the solution! Make your profile one large image. Put everything you want to display on your profile in the image. Then simply link to that image from each webpage you want to show your profile on. Now you're back to only having to edit only one page, err, file.

Link to post

script and iframes have long been filtered from cache pages because they are a security risk.

 

I'm guessing they finally got the profile pages doing the same, for the same reason.

 

Naw, they were just envious of my cool APRS map page I had in my profile. Now my profile is boring again (but the good thing is nobody knows where I am anymore).

 

--Marky

Link to post
Yet I can upload picture after picture after picture with no limit.
There is the solution! Make your profile one large image. Put everything you want to display on your profile in the image. Then simply link to that image from each webpage you want to show your profile on. Now you're back to only having to edit only one page, err, file.
Yep - and if the file is stored on your own offsite webspace, you can change the file however often you want, give it the same name, and leave the references to the image alone on your profile.
Link to post
Yep - and if the file is stored on your own offsite webspace, you can change the file however often you want, give it the same name, and leave the references to the image alone on your profile.

 

Just in case this solution wasn't meant humorously...

 

Doing it as an image is a bad idea. It impacts display times as well as impacting the visually impaired. I know I like bumping the font size up if I can't read a web page, with images I wouldn't be able to do that.

 

Paul

Link to post
Yep - and if the file is stored on your own offsite webspace, you can change the file however often you want, give it the same name, and leave the references to the image alone on your profile.

 

Just in case this solution wasn't meant humorously...

 

Doing it as an image is a bad idea. It impacts display times as well as impacting the visually impaired. I know I like bumping the font size up if I can't read a web page, with images I wouldn't be able to do that.

 

Paul

 

Agreed, one large image would not be as crisp as standard html, and think of the download time... ugh!

 

-Chris

Link to post
Just in case this solution wasn't meant humorously...

 

Doing it as an image is a bad idea. It impacts display times as well as impacting the visually impaired. I know I like bumping the font size up if I can't read a web page, with images I wouldn't be able to do that.

It was meant only MILDLY humorously.

 

Seriously, if you need to put THAT much information on your profile, create your own profile on your own website. Maintain it there. Have pictures on the screen that are 2000x1500. Have a full copy of the script of all 6 Star Wars Movies in a plain text version. But put it on YOUR website.

 

I'd say that Geocaching.com providing ANY space for people to put HTML in for their profile is generous, considering that this functionality is provided for free. If they choose to limit the characters and/or imposed security precautions, I'd have no problem with that.

 

Hey Mack! You want a free watch?

Sure. Tries to wind the watch with no effect, realizes it just a toy

Hey! This watch doesn't work.

Link to post
Guest
This topic is now closed to further replies.
×
×
  • Create New...