W3C home > Mailing lists > Public > public-svg-ig@w3.org > April to June 2009

RE: Progress on SVG book -- question concerning <embed> vs <object> in HTML

From: Dailey, David P. <david.dailey@sru.edu>
Date: Fri, 3 Apr 2009 15:57:44 -0400
Message-ID: <1835D662B263BC4E864A7CFAB2FEEB3D021FE000@msfexch01.srunet.sruad.edu>
To: "SVG IG List" <public-svg-ig@w3.org>
Cc: <jferrai@us.ibm.com>
Way back when, <embed> was recommended by Adobe as the preferred way to
put SVG in HTML. [history as I understand it was that <object> plus
script introduced a security problem forcing Adobe to disable it]

 

<object> is the "standards compliant" way (though I suspect HTML5 may
grandfather <embed> in, as a part of its "avoid breaking the web" *
design principle)

 

In the book I'm trying to finish up, in order to get things working,
even in IE/ASV, I had chosen the one way of getting it to work
everywhere: <embed> as the recommendation.  One of the reviewers (who
happens to be a friend) complained that "modern browsers" don't need
that. So I am backpedaling a good bit on my previous recommendation. I
am not wishing though, to recommend that content developers all ignore
IE/ASV - that is a choice they should make of their own informed
consent. 

 

Only two browsers (Opera and IE/ASV) provide robust support for filters
and SMIL and so forth, and so I really don't want to encourage authors
to ignore one of the two browsers that actually does all this stuff
generally correctly. 

 

Anyhow, and regardless of the emotion that this topic may engender, I'm
interested in explaining the alternative use of

 

<object id="E" type="image/svg+xml" data="ovals.svg" width="320"
height="240">

  <param name="src" value="ovals.svg">

</object>

 

as a way to trick IE/ASV into accepting <object> (and without disabling
script).

 

My questions: 1. does the above still expose the user to the security
risk that Adobe was concerned about in the first place?

 

If so advising this work-around would perhaps not be a good idea.

 

2. Since <embed> works everywhere, why not recommend it? Is the only
reason not to that it is not a W3C standard? What do I tell our readers
who may not care if it's a standard or not so long as it works?

 

David

 

 

 

* platitudes like that often make me nervous ("patriot act" "no child
left behind" --- it seems like they usually have just the opposite
effect)

 

 

From: public-svg-ig-request@w3.org [mailto:public-svg-ig-request@w3.org]
On Behalf Of Dailey, David P.
Sent: Thursday, April 02, 2009 9:04 AM
To: SVG IG List
Subject: Progress on SVG book

 

Hi folks,

 

A mini-landmark has been attained: I've finished the first phase of
editorial revision: completing the translation from MS Word to HTML
(begun by Doug in October).  Next I'll be sweeping through the document
with regards to both incorporating changes suggested by the various
reviewers and modernizing the text a little bit (e.g. to reflect the
presence of SVG support in new browsers like Chrome and Safari). A bit
of that modernization has already begun, as I happened to see things in
sweeping through the HTML.  

 

I believe the Appendix on HTML should just quietly disappear. HTML is in
the midst of rapid change and I am not the right person to write about
it. Its inclusion made sense, it seemed, when the document was intended
for print. In the meantime I've included a link to Dave Raggett's
Introduction to the subjection. Unless anyone sees a reason to revise it
or keep it, then I'll remove it once I've found and removed any
references to it from the main text.

 

The current version (which gets it back to where it was as a print
document a couple of years ago) can be seen at
http://srufaculty.sru.edu/david.dailey/cs427/StateOfArt-Dailey.html

 

Doug, I suspect that I should be able to complete the incorporation of
reviewers comments within a week or two, so it probably does not make
sense to move the existing document to W3C just yet until that step is
done.

 

After that is done, we can anticipate a series of comments from other
folks here, but that process will go on forever, so that might be the
time to make the document go "live"??

 

Cheers

David
Received on Friday, 3 April 2009 19:59:00 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:28:24 UTC