Safe independent navigation controls for iframes


Particularly for annotated scholarship of texts, but also potentially for blogs or discussion forums seeking to offer commentary on structured texts (including legal documents, technical manuals, popular books, etc.), it would be convenient for sites to be able to display a kind of iframe which could navigate each iframe’s content independently of the browser’s.

To give an idea of an example website and what problem this proposal would solve, imagine a site with a table where one column has paragraph of a specification (or legal document, book, etc.) and the other column has an iframe of commentary or resources about that paragraph–maybe from a wiki, or just a user’s blog post or a discussion subforum dedicated to that paragraph.

In a current browser, there is a problem. One, is that if you click links within say the iframe for paragraph 1, and then the iframe for paragraph 15, and then the iframe for paragraph 4, when you click the back button in your browser, it will only go back for the iframe in paragraph 4. You can’t choose to independently go backward in the iframe for paragraph 1 or 15.

While you could seek to overcome this issue by making your own navigation controls, and tracking the clicks within those iframes, this will only work so long as the reader is visiting one of your sites; for security reasons, one cannot reach into arbitrary iframe content to figure out what the user is browsing so as to build independent navigatioin controls for them at say the top of each iframe.

One could try to solve this security problem by obtaining the web content through a proxy server, but besides requiring a server, one could not let users visit sites with their own credentials, and there are other complications such as maintaining a base URL, etc.

My suggestion is therefore to allow an iframe to designate that it should have the browser place a back button, forward button, and/or URL input outside of the iframe content (maybe with a placement attribute or at least allowing them to be put above the iframe content). As with the main browser navigation controls, these would not be scriptable so as to compromise security/privacy and spying on which arbitrary, credentialed pages were being visited and what actions were being taken.

(Ideally, they could ideally signal back to the including page that a frame’s buttons/input had been clicked or the fact of a new page loading, perhaps, so one could, for example, highlight/style the iframe or what not, but this is not critical.)