Re: <iframe doc="">

>I don't understand why you think object/embed provides more security 
>than iframe.  When you load HTML into an object/embed, what you get 
>is exactly the same as an iframe.

Not in detail, I think you will find.
I meant to say that <iframe> is for html while <object> and <embed> 
are designed for plugins or other 'external' scriptable runtime like 
flash or other live content. If you use <object> or <embed> I think 
you will find events do not work the same as for <iframe>. For example 
if <iframe> we try to limit access so that the 'nested' DOM acts like 
it is not accessible from the host DOM. For <object> and <embed> that 
is not a simulation. The context is actually different and events 
(should get) passed in an entirely different but familiar way.

The test will be showing transport of events into and out of the 
<iframe>, <embed>, and <object> elements. Even with html in each of 
these elements look at event passing, for example navigation events. 
in/out of the 'nested' or 'external' DOM of the different elements.

Thank You and Best Regards,
Joe

Received on Monday, 18 January 2010 23:50:50 UTC