W3C home > Mailing lists > Public > www-svg@w3.org > March 2008

Re: Accessing Object Parameters from an Embedded SVG

From: Hallvord R. M. Steen <hallvord@opera.com>
Date: Fri, 14 Mar 2008 11:08:08 +0900
To: "Jonas Sicking" <jonas@sicking.cc>, "Jeff Schiller" <codedread@gmail.com>
Cc: "Anne van Kesteren" <annevk@opera.com>, "Boris Zbarsky" <bzbarsky@mit.edu>, "Web API WG (public)" <public-webapi@w3.org>, www-svg <www-svg@w3.org>
Message-ID: <op.t7zhjux9a3v5gv@hr-opera>

On Fri, 14 Mar 2008 05:24:45 +0900, Jonas Sicking <jonas@sicking.cc> wrote:

>>  I can understand not letting the embedded object get at the elements
>> outside of the HTMLObjectElement, but this seems like a weird design
>> flaw - the object parameters should be accessible to the embedded
>> object, regardless of domain - that's their purpose.  It would have
>> been great if HTMLObjectElement had an accessible "params" NodeList
>> readonly attribute :(

I don't think that's a good idea because it opens up too many  
opportunities for violating cross-domain policies. For example, you'd have  
to introduce security checks on properties like  
window.frameElement.nodeList[0].parentElement..

> The proper fix here is IMHO to add something to the window object. So  
> that you don't have to reach out into documents that are from a  
> different domain.

Agree. Would window.paramList be a good name? An object with name:value  
mappings would be useful, and one could iterate over it with for..in as  
usual.

-- 
Hallvord R. M. Steen
Core QA JavaScript tester, Opera Software
http://www.opera.com/
Opera - simply the best Internet experience
Received on Friday, 14 March 2008 02:08:08 GMT

This archive was generated by hypermail 2.3.1 : Friday, 8 March 2013 15:54:38 GMT