I still believe that web standards were meant to be providing open access to the standardized information and what I was looking at for half a year of my life jurney of trying to fix issues that they caused is just a temporary problem. We have W3C that stands on guard of html / css and ECMA International. Unfortunatelly as we progress with adding things to those standards I think people who stand on guard on those standards either lost control, got manipulated or simply ignored threats. I don't know if it's lack of founding. Governments that are bribed by lobbyists to support market consolidation. Throwing money that promotes bureaucracy and toxicize market instead of causing innovation. Let's just don't dig into this crap.
To give you prosaic example from one of the features of web let's have a look at web components. Here is simple code to create web component.
const element = document.createElement('div');
const shadow = element.attachShadow({ mode: 'closed' });
When you attached closed shadow you cannot access it unless you keep the reference somewhere. That gives control of the shadow component only to the owner of the reference.
Mozilla literally says that in their documentation
closed Denies access to the node(s) of a closed shadow root from JavaScript outside it:
element.attachShadow({ mode: "closed" }); element.shadowRoot; // Returns null
But well - this is fine.
Fortunatelly browser developers gave us a hand to work around this problem in the extension.
inside chrome extension content script you can access shadow content using
chrome.dom.openOrClosedShadowRoot(el);
and on firefox
el.openOrClosedShadowRoot();
Still, it doesn't look like open standard, it looks like an unfinished feature lol. And we see more and more websites using shadow dom and web components right now. That means web.archive.org is no longer archiving content.
See ex. https://nanoporetech.com website. This looks great.
and this is original website screenshot
but that's not only that, as I mentioned in my previous post ignorance went so far that when we try to save the same webpage using leading browser that have 62.85% of market share we got also not so great result
and we should look for at least something like this if we could only save shadow dom correctly
Well enough of "saving" websites. Who needs knowledge preservation, saving heritage of civilisation. No corporate needs that. They need only more charts that goes to the right and up. There is only present, nobody cares about past.
Let's move on to something more complicated, to the demilitarized zone of <iframe>. Creator of iframe is Microsoft and it corelates with first browser war between Microsoft's Internet Explorer and Netscape's Navigator. Iframe was introduced inside Internet Explorer 4. Just to mention that Microsoft was so determined with their browser dominance that in 1998 they were hit with an antitrust suit, much of which involved their browser bundling.
What a lovely and nice corporation. But people say they changed cause they pull money out of they pockets.
like once Sun Tsu said
Build your opponent a golden bridge to retreat across.
When someone is defending corporation and saying that people who work there on C level positions changed - it gets me laughing as a person who lives in post communist country and sees how indoncrinated people learned things during communism and are now unable to change their thoughts. That's Poland in nutshell - clash of two universes. But I'm not about it.
if you can't beat 'em, join 'em
or well Sun Tsu again
The whole secret lies in confusing the enemy, so that he cannot fathom our real intent.
Enough ranting lovely and nice people from corporate and let's get back to the iframe industry. To close content of the iframe you can easily do it like microsoft is doing it in their office 365. Create page with iframe that is 100% width and height and load iframe inside iframe. No problemo cause you can still communicate from iframe to your parent using window.postMessage and you can even load iframe from javascript that loads iframe to hide content url from so called bad people. Those bad people who just want to save their data (you want to save your data ? ). Don't save it - it's safe on our computers, in the clouds. You know who lives in the clouds ? God ! And you know that God is good like the cloud is good, except when he was killing kids and thousands of people but don't talk about it it's past, think about future, cloud is future, you want to live in future right ? Don't worry about anything and be happy. Stay happy cause everything is fine.
Iframe is like Trojan Horse of todays standars. Just because you can simply override window.postMessage behaviour or just block events, send malformed messages that break chrome extension scripts even when you try to capture those messages. There are countless of articles that say you how to prevent accessing content of webpage using iframe like iframes as a security feature. It's for your good, for GDPR, PCI, DSS and other standards, for you to feel secured cause it doesn't work but those 2,3,4 letters make you happy, right ? RIGHT ??? Funny thing that websites from organisations establishing those standards doesn't folow their own standards. Why not return 200 instead of 404 in http response to confuse some hacker, it renders correctly right ? RIGHT ??? Aren't you happy ??? We are showing you a content that renders correctly what else you want ??? Here you go, get some pile of money and a puppy. Would that make you happy ??? That should give you some clue why those standards are established, follow the money.
Just to say that if you add listener to every website that have ads by adding following code:
window.addEventListener("message", (event) => {
console.log(event)
})
you can get funny messages from ad server companies, that not always follow gdpr, pci dss and so called standards. However difficult to capture iframe content it's doable, let's not dig into 2 months of fail and try again work.
This is what example microsoft product looks like for mere mortal. Well what do you want from us, it works and people are happy.
this is how chrome save it
and this is I think it should look like after save
There are couple of problems with iframe, one of them is the difference between iframe and shadow root. tIframe is separate entity with it's own sandbox and should be saved as a separate html page but let's leave it for another story.
Let's stop with iframe here and continue with a little rant by moving to the gaming industry and famous canvas. I very much like canvas cause you can draw anything on it. It's creative and stimulates imagination like my drawing of a little rocket on a spreedsheet. You can see it flying on a spreedsheet with engines on sides and little antena on top. I think everyone should be able to draw their little rocket on their spreedsheet. And you will be able to, oh you will be able to draw a rocket soon. See mine rocket below.
Back to the canvas, everythong was nice, you could capture canvas and it's contents before webgl and webgl2 standards appeared. Introduction of gl buffers that can be cleared by author sudenly closed canvas contents from capturing, a little variable preserveDrawingBuffer changed everything. You are no longer able to capture what is drawn on canvas because the buffer is cleared. There is nothing you can do about it, no api is provided to preserve drawing buffer for a given time period if website developer doesn't allow you to do it. Of course you can override getContext method and force variable to be true but well this is an ugly hack.
canvas.toDataURL('image/png', 80)
will just return empty image without any error and nobody cares.
Nobody cares about video - like saving a youtube snapshot, youtube you nasty bastard using polymer framework css-shady, polymer with 21k stars on github doing some nasty own components with css that break website completely. Maybe they did it intentionally so nobody can save what is on screen, nobody can copy it. They don't care cause we just look at their shiny website that works.
here's how original website looks like
here's how chrome saves it
and here - this is how I think it should look after saving
I don't want to start with webassembly that is just pure canvas with disabled preserveDrawingBuffer. Although claimed to be open standard it's just open to compile and closed to copy. We loose control of content and everything that web was created for. We're back to flash player and everyone claps their hands
Looks like Steve Jobs was wrong with his thoughts about flash, flash player you are welcome back as a wolf in a sheep clothing. And well like corporate tend to do - they hide the truth before they unleash the future. The page that doesn't exists still available as web archive heritage
How many forums and social networks needs to disappear for people start caring about content ownership in the web ? How much knowledge we will loose before we wake up ?
There is now law that allows banned youtube channel owner to backup their content, or banned facebook group to backup their posts. We don't care if those bans were ok or not. Just ban them cause they don't talk like us.
I like those small nice messages from my youtube playlists cause you know, we don't own those videos. We don't know if we're able to watch them tomorrow or not. We don't care as long as we can push problems out of our minds and be mindless. Maybe they will just forget about this content inside their playlist. We have so much new stuff for you, don't look there. There's nothing there, we removed everything and left you this cute message.
C'est la vie. Panta rhei.