Comment by berjin
4 years ago
Is there anything website owners can do about this? I've seen many web games, including my own, embedded and surrounded by adverts (see dordle,io, wordle-unlimited,io). Simple permissions like x-frame-options won't work since they're proxying everything onto the same origin. I've thought about checking after a few minutes if the user is on an embedded DOM then asking them to head over to the real site.
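The check described in the comment above, as an added example that is not part of the original thread: it tells a proxied copy (served from the wrong hostname) apart from a framed one and schedules a notice pointing at the real site. The hostnames, the three-minute delay and all function names are assumptions.

```javascript
// Added example. CANONICAL_HOSTS, CANONICAL_URL and the function names are
// hypothetical; replace the hosts with the ones the site is really served from.
const CANONICAL_HOSTS = new Set(["game.example", "www.game.example"]);
const CANONICAL_URL = "https://game.example/";

// Classify how the page is being displayed. `win` is a window-like object,
// passed in so the logic can be exercised outside a browser.
function classifyContext(win, canonicalHosts = CANONICAL_HOSTS) {
  const host = String(win.location.hostname).toLowerCase().replace(/\.$/, "");
  // A proxy that re-serves the markup from its own hostname is the case
  // where framing headers never apply, so the hostname is checked first.
  if (!canonicalHosts.has(host)) return "proxied";
  if (win.top === win.self) return "direct";
  try {
    // Readable only when the parent is same-origin; a cross-origin parent throws.
    const parentHost = String(win.top.location.hostname).toLowerCase();
    return canonicalHosts.has(parentHost) ? "direct" : "framed";
  } catch (_err) {
    return "framed";
  }
}

// Wait before nagging, as the comment suggests, and only when not direct.
// Returns the timer id, or null when no notice is needed.
function scheduleNotice(win, showNotice, delayMs = 3 * 60 * 1000) {
  const context = classifyContext(win);
  if (context === "direct") return null;
  return win.setTimeout(() => showNotice(context, CANONICAL_URL), delayMs);
}

// Browser wiring; skipped when there is no DOM (for example under Node).
if (typeof window !== "undefined" && typeof document !== "undefined") {
  scheduleNotice(window, (context, url) => {
    const bar = document.createElement("div");
    bar.textContent = `This copy of the game is ${context}. The real site is ${url}`;
    document.body.prepend(bar);
  });
}
```

A proxy that rewrites the page can also strip or edit this script, so the check is best effort rather than an enforcement mechanism.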
No, the browser is the "user agent" and decides what to do. The problem is that in this case TikTok is the browser and does what they want, not what is good for the user.
It is actually quite a hard problem. The App Store does ban third-party browser engines so maybe they can add a restriction that apps can only inject code into verified domains. Surely a few legitimate use cases would be lost (IDK apps that let you annotate websites or something) but it may largely mitigate this issue. Maybe there can be a permission or a review entitlement that allows this for valid use cases (as decided by Apple of course).
Among other things my content blocker for iOS will display a page in a WKWebView they injected scripts into.
It makes it so I can easily select and refine which HTML element I want to add to a custom blocking list.
I think that would be impossible without this.