Adrian brings an excellent historical perspective tothe horrifying behaviour of Facebook’s in-app browsers:
Somewhere along the way, despite a reasonably strong anti-framing culture, framing moved from being a huge no-no to a huge shrug. In a web context, it’s maligned; in a native app context, it’s totally ignored.
Yup, frames are back—but this time they’re in native apps—with all their shocking security implications:
The more I think about it, the more I cannot believewebviews with unfettered JavaScript access to third-party websitesever became a legitimate, accepted technology. It’s bad for users, and it’s bad for websites.
By the way, this also explains that when youtrybrowsing the web in an actual web browser on your mobile device, every second website shoves a banner in your face saying “download our app.” Browsers offer users some protection. In-app webviews offer users nothing but exploitation.