- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Tue, 19 Jan 2010 01:11:45 -0500
- To: Joe D Williams <joedwil@earthlink.net>
- CC: public-html@w3.org
On 1/19/10 1:01 AM, Joe D Williams wrote: > Adam > Really? ... If you put text/html into an <object> element (which > is what we're suggesting with @doc), then it acts just like a frame. Yes, @doc is about putting HTML into iframes. If you put HTML in <object>s it's like putting HTML in <iframe>s. But no one is suggesting using @doc on <object>s. In fact, the only reason <object> came up at all in this conversation is that _you_ brought it up in http://lists.w3.org/Archives/Public/public-html/2010Jan/0833.html with some claims about using <object> for HTML being somehow more secure than using <iframe> for HTML. The rest of the discussion about <object> seems to center on the people who are familiar with the relevant Gecko and Webkit code trying to convince you that at least in Gecko and Webkit it is not in fact any more secure. See http://lists.w3.org/Archives/Public/public-html/2010Jan/0841.html for the first concise statement of this. I suggest looking at Adam's mail quoted above (at http://lists.w3.org/Archives/Public/public-html/2010Jan/0869.html ) in the context of the whole conversation. -Boris
Received on Tuesday, 19 January 2010 06:12:19 UTC