W3C home > Mailing lists > Public > whatwg@whatwg.org > April 2007

[whatwg] <include> element

From: Martin Atkins <mart@degeneration.co.uk>
Date: Thu, 26 Apr 2007 18:12:11 +0100
Message-ID: <4630DD6B.6080309@degeneration.co.uk>
Christian Schmidt wrote:
> In practice, the result effect is often achieved by wrapping your 
> include file in a document.write() and including this using script a 
> <script src="...">. However, this makes it harder to write these 
> includes by hand (you have to escape certain characters, ' " \ \n \r 
> \t), and debugging also gets more difficult.

This last point made me think of a related issue:

When you use the above technique, the included script runs in the 
security context of the including page, and this technique therefore 
requires complete trust of the included document.

Would documents included via <include> run in the security context of 
the including page, as with the script technique, or would they run in 
the context of the included document, as with iframes?

Personally I favor the latter, but I wonder if this impact's anyone's 
Received on Thursday, 26 April 2007 10:12:11 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:54 UTC