- From: Joe D Williams <joedwil@earthlink.net>
- Date: Mon, 18 Jan 2010 15:48:41 -0800
- To: "Adam Barth" <w3c@adambarth.com>
- Cc: "Henri Sivonen" <hsivonen@iki.fi>, <public-html@w3.org>
>I don't understand why you think object/embed provides more security >than iframe. When you load HTML into an object/embed, what you get >is exactly the same as an iframe. Not in detail, I think you will find. I meant to say that <iframe> is for html while <object> and <embed> are designed for plugins or other 'external' scriptable runtime like flash or other live content. If you use <object> or <embed> I think you will find events do not work the same as for <iframe>. For example if <iframe> we try to limit access so that the 'nested' DOM acts like it is not accessible from the host DOM. For <object> and <embed> that is not a simulation. The context is actually different and events (should get) passed in an entirely different but familiar way. The test will be showing transport of events into and out of the <iframe>, <embed>, and <object> elements. Even with html in each of these elements look at event passing, for example navigation events. in/out of the 'nested' or 'external' DOM of the different elements. Thank You and Best Regards, Joe
Received on Monday, 18 January 2010 23:50:50 UTC