I have no-script installed and I use it. 99% of the time it tells me scripts are partially allowed. Even this page shows techrepublic is allowed, but I have to tell NoScript to allow com.com, trstatic, spstatic, and google-analytics.com (every page, but I find them via Google).
From what I think you've said, Michael, the pages I go to (supposedly valid) likely don't have the no-size invisible iframes, it's the pages that those link to or which show up as a result of something like a google search, or a page a URL resulting from a google search takes me to, that I have to worry about the invisible iframes.
Suppose, one forbade any size 0 by 0 iframe from "showing" (even though it's invisible) [maybe loading is a better word]? Might a malicious site then instigate a 1 by 1 size iframe? A period might be larger than 1 by 1. Or any character could be the iframe! If you don't have to click on it, why does it have be 0 by 0?
Keep Up with TechRepublic