- From: Jeff Schiller <codedread@gmail.com>
- Date: Thu, 13 Mar 2008 13:03:27 -0500
- To: www-dom@w3.org, public-webapi@w3.org
Sorry, I didn't know what mailing list to send this to, hopefully I
caught some knowledgable people with this:
<html>
<object data="http://some.other.domain/example.svg" ><param
name="foo" value="bar"/></object>
</html>
>From within foo.svg, shouldn't I be able to get access to the
parameters sent to the object? This fails when the SVG and HTML are
in different domains (in my case, I have the HTML on a sub-domain and
the SVG at my root domain).
example.svg:
<svg>
<script>
var obj = window.frameElement;
obj.getElementsByTagName("param"); // security error in Mozilla, Opera
obj.firstChild; // security error in Mozilla, Opera
</script>
</svg>
Are the parameter elements exposed to the embedded object? In my
opinion, they NEED to be (that's their reason to exist, the client has
full knowledge that they are sending this information for the embedded
object's use). From the SVG, I should be able to get the parameter
names and values, but I can't figure out a way.
Yes, there are security challenges with exposing the parameter
elements, but I'm still looking for any way to do this.
Thanks,
Jeff
Received on Thursday, 13 March 2008 18:04:02 UTC