I was going to talk about how we are putting the iframe in place as an alternate line of protection on top of caja, but to be honest I don't see any reason not to remove the iframe in dev mode only (live canvas is a definite no though) - the worst a person can do is trick themselves in to revealing their own password and being able to log in as themselves :)Internet Explorer makes it quite difficult to inspect anything within iframes, so layout issues can be very perplexing. (I'm using the IE Developer Toolbar. Anyone know of anything better?)
This is really urgent. Our app looks like crap in IE, and it's impossible to determine why.
On a related note, I've tried viewing my HTML+YML directly in IE, and my pages look much better that way than they do after YAP processing (in dev-preview mode). It appears that the YAP platform is not generating the same HTML DOM that IE would normally generate.