- From: Jeff Schiller <codedread@gmail.com>
- Date: Thu, 13 Mar 2008 13:03:27 -0500
- To: www-dom@w3.org, public-webapi@w3.org
Sorry, I didn't know what mailing list to send this to, hopefully I caught some knowledgable people with this: <html> <object data="http://some.other.domain/example.svg" ><param name="foo" value="bar"/></object> </html> >From within foo.svg, shouldn't I be able to get access to the parameters sent to the object? This fails when the SVG and HTML are in different domains (in my case, I have the HTML on a sub-domain and the SVG at my root domain). example.svg: <svg> <script> var obj = window.frameElement; obj.getElementsByTagName("param"); // security error in Mozilla, Opera obj.firstChild; // security error in Mozilla, Opera </script> </svg> Are the parameter elements exposed to the embedded object? In my opinion, they NEED to be (that's their reason to exist, the client has full knowledge that they are sending this information for the embedded object's use). From the SVG, I should be able to get the parameter names and values, but I can't figure out a way. Yes, there are security challenges with exposing the parameter elements, but I'm still looking for any way to do this. Thanks, Jeff
Received on Thursday, 13 March 2008 18:04:00 UTC