Customize

WWP loads Google iframe

Discussion in 'Support Questions' started by Anonymous, Dec 9, 2013.

  1. Anonymous Member

    Yo.

    So, apologies if I've missed an announcement about this and it's totally innocuous, but:

    I note that at the bottom of most WWP forum pages there is now an iframe which loads content from accounts.google.com.

    My questions:

    - Is this intentional?

    - Doesn't it present a risk that use of WWP could be tracked based on users' Google accounts?

    Danke shoen.
  2. Anonymous Member

    Content looks like this (possibly-identifying info X-ed out):

    Code:
     
    <iframe name="oauth2relayXXXXXXXX" id="oauth2relayXXXXXXXXX"
    src="https://accounts.google.com/o/oauth2/postmessageRelay?
    parent=https%3A%2F%2Fwhyweprotest.net#rpctoken=XXXXXXXXX&amp;forcesecure=1"
    style="width: 1px; height: 1px; position: absolute; top: -100px;"></iframe>
     
    
  3. Anonymous Member

    I see no such iframe on this page, but then I never signed up for or logged into WWP via Google
  4. Anonymous Member

    Me neither

    It's not visible in the HTML source code - you have to look at the live page, as amended by Javascript.

    E.g. in Chrome do 'inspect element' and scroll down to the bottom.
  5. Anonymous Member

    All I see at the bottom are a heap of colorpicker DIVs. You'll probably need to provide moar context.
  6. Anonymous Member


    The bottom of the document looks like this to me:

    Code:
     
    <[B]iframe[/B] name="oauth2relayXXXXXXXXX" id="oauth2relayXXXXXXX" [B]src="https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwhyweprotest.net#rpctoken=XXXXXXXXX&amp;forcesecure=1"[/B] style="width: 1px; height: 1px; position: absolute; top: -100px;"></iframe>
     
    <div id="fb-root" class=" fb_reset"><div style="position: absolute; top: -10000px; height: 0px; width: 0px;"><div><[B]iframe[/B] name="fb_xdm_frame_https" frameborder="0" allowtransparency="true" scrolling="no" id="fb_xdm_frame_https" aria-hidden="true" title="[B]Facebook Cross Domain Communication Frame[/B]" tab-index="-1" src="[B]https://s-static.ak.facebook.com/connect/xd_arbiter.php?version=28#channel=f1cecff938&amp;channel_path=%2Fcommunity%2Ffb_channel.php%3Fl%3Den_US%26fb_xd_fragment%23xd_sigXXXXXXXXXX&amp;origin=https%3A%2F%2Fwhyweprotest.net"[/B] style="border: none;"></iframe></div></div><div style="position: absolute; top: -10000px; height: 0px; width: 0px;"><div></div></div></div>
     
    <div class="xenTooltip " style="position: absolute; top: 1647.28125px; left: 983px; display: none;"><span class="arrow"></span>Like</div>
     
    <div id="AjaxProgress" class="xenOverlay" style="top: 0px; left: 0px; position: fixed; display: none;"><div class="content"><span class="close"></span></div></div>
     
    </body>
     
    </html>
     
    
    As you can see, there's a Facebook iframe in there too, and they both include WWP in the query string.
  7. Anonymous Member

    I just checked in a browser that I don't have the "Anti-social list" Adblock Plus filter and I see the iframe there. Sorry I forgot I had that, it's from https://adversity.googlecode.com/hg/Antisocial.txt
  8. Anonymous Member

    This is on the "WWP - Classic" theme - I should have mentioned that.
  9. Anonymous Member


    ... only without the bold tags which of course don't work inside code tags. Oops.
  10. Anonymous Member

    The additional bonus of blocking all those silly social sharing button iframes is the memory saved from not loading all their fucking javascript libraries.
  11. Anonymous Member

    "Facebook Cross Domain Communication Frame"

Share This Page

Customize Theme Colors

Close

Choose a color via Color picker or click the predefined style names!

Primary Color :

Secondary Color :
Predefined Skins