[tootie]

As a web developer this feels like an absolutely terrible practice. I have to support contracts for website performance, quality and behavior with clients and you could be putting us in breach. If I got a bug report of unexpected ads popping up, we'd probably waste thousands trying to figure this out.

[octalmage]

Exactly. The first thing I thought about when I saw this was the implications of having JavaScript that has not been tested in the context of a website running. You have no clue how it will conflict.

As a website owner you should have the right to verify all code that will run on your website to be sure that it won’t cause issues since only you have the context needed to make that call. What if there’s a global DIV selector that hides the close button, the website visitor is screwed! And they’ll just think it’s a problem with your website.

One more note, there are way better ways to do what they’re trying to do. Even with how terrible IFrames are, they prevent CSS and JavaScript conflicts. A simple position fixed div at the bottom of the screen containing an iframe seems more appropriate. If you are going to run code on my site, make sure it’s as small as possible. This could have been accomplished in 2 lines of code (excluding iframe host).

[robin_reala]

I’ve had to patch against this in the past when it turned out my system was breaking for a set of users whose company was installing a browser extension that injected JS that broke the app. Never did find out exactly what it did, but I worked around it but fixing the progressive enhancement to work properly in the context of broken JS as well as no JS.

[aaronbrager]

You can avoid this by using HTTPS.

[sova]

So many tickets with status "unable to reproduce" ugh