- From: Martin Atkins <mart@degeneration.co.uk>
- Date: Thu, 26 Apr 2007 18:12:11 +0100
Christian Schmidt wrote: > > In practice, the result effect is often achieved by wrapping your > include file in a document.write() and including this using script a > <script src="...">. However, this makes it harder to write these > includes by hand (you have to escape certain characters, ' " \ \n \r > \t), and debugging also gets more difficult. > This last point made me think of a related issue: When you use the above technique, the included script runs in the security context of the including page, and this technique therefore requires complete trust of the included document. Would documents included via <include> run in the security context of the including page, as with the script technique, or would they run in the context of the included document, as with iframes? Personally I favor the latter, but I wonder if this impact's anyone's use-cases?.
Received on Thursday, 26 April 2007 10:12:11 UTC