W3C home > Mailing lists > Public > public-html@w3.org > January 2010

Re: <iframe doc="">

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Tue, 19 Jan 2010 01:11:45 -0500
Message-ID: <4B554D21.1070206@mit.edu>
To: Joe D Williams <joedwil@earthlink.net>
CC: public-html@w3.org
On 1/19/10 1:01 AM, Joe D Williams wrote:
> Adam > Really? ... If you put text/html into an <object> element (which
> is what we're suggesting with @doc), then it acts just like a frame.

Yes, @doc is about putting HTML into iframes.  If you put HTML in 
<object>s it's like putting HTML in <iframe>s.  But no one is suggesting 
using @doc on <object>s.

In fact, the only reason <object> came up at all in this conversation is 
that _you_ brought it up in 
http://lists.w3.org/Archives/Public/public-html/2010Jan/0833.html with 
some claims about using <object> for HTML being somehow more secure than 
using <iframe> for HTML.  The rest of the discussion about <object> 
seems to center on the people who are familiar with the relevant Gecko 
and Webkit code trying to convince you that at least in Gecko and Webkit 
it is not in fact any more secure.

See http://lists.w3.org/Archives/Public/public-html/2010Jan/0841.html 
for the first concise statement of this.

I suggest looking at Adam's mail quoted above (at 
http://lists.w3.org/Archives/Public/public-html/2010Jan/0869.html ) in 
the context of the whole conversation.

-Boris
Received on Tuesday, 19 January 2010 06:12:19 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:39:12 UTC