W3C home > Mailing lists > Public > public-html@w3.org > January 2010

Re: <iframe doc="">

From: Joe D Williams <joedwil@earthlink.net>
Date: Mon, 18 Jan 2010 15:48:41 -0800
Message-ID: <72687E60747E4A03A43330654490B09C@joe1446a4150a8>
To: "Adam Barth" <w3c@adambarth.com>
Cc: "Henri Sivonen" <hsivonen@iki.fi>, <public-html@w3.org>



>I don't understand why you think object/embed provides more security 
>than iframe.  When you load HTML into an object/embed, what you get 
>is exactly the same as an iframe.

Not in detail, I think you will find.
I meant to say that <iframe> is for html while <object> and <embed> 
are designed for plugins or other 'external' scriptable runtime like 
flash or other live content. If you use <object> or <embed> I think 
you will find events do not work the same as for <iframe>. For example 
if <iframe> we try to limit access so that the 'nested' DOM acts like 
it is not accessible from the host DOM. For <object> and <embed> that 
is not a simulation. The context is actually different and events 
(should get) passed in an entirely different but familiar way.

The test will be showing transport of events into and out of the 
<iframe>, <embed>, and <object> elements. Even with html in each of 
these elements look at event passing, for example navigation events. 
in/out of the 'nested' or 'external' DOM of the different elements.

Thank You and Best Regards,
Joe
Received on Monday, 18 January 2010 23:50:50 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:59 GMT