This specification describes a proposed
to embed another web page and manipulate and listen to changes in the
This is a proposed extension to the [[!HTML5]] specification.
Web pages often have the need to embed other web pages. In many cases an
<iframe> element is sufficient for this purpose, but when the embedded web page is not same-origin with the embedding web page an
<iframe> has many limitations.
Several user agents have existing implementations of features which provide privileged web apps with additional functionality when embedding cross-origin web content. Examples include the
<iframe mozbrowser> element in Firefox OS [[MOZ-BROWSER]], the
<webview> element in Chrome OS [[GOOGLE-WEBVIEW]] and the
<x-ms-webview> element in Windows [[MS-WEBVIEW]], along with their corresponding APIs. These existing implementations include features to embed, access information about and control web content (including cross-origin content) in various ways.
Note that this additional functionality would not be safe to expose to all web pages using current web security models. In the examples given above proprietary methods are used in order to safely grant these extra privileges to certain web content. A standardised security model to safely expose such features to web content is certainly needed, but that is considered outside the scope of this specification.
The URL of the page to embed.
Sets the window.name property of the embedded browsing context.
The URL of an [[appmanifest]].
By default a
<webview> browser context can be
navigated to any URL.
If the manifest attribute is set to a valid app manifest URL then
the browser context may instead be limited to the scope of the app
described in the manifest.
If the embedded browser context attempts to navigate to a URL outside of this scope then the user agent may instead load that URL outside of the embedded browser context, as per the convention for that user agent.
<webview name="foo" manifest="http://foo.com/manifest.webapp" src="http://foo.com" />