Re: Accessing Object Parameters from an Embedded SVG

On Fri, 14 Mar 2008 05:24:45 +0900, Jonas Sicking <jonas@sicking.cc> wrote:

>>  I can understand not letting the embedded object get at the elements
>> outside of the HTMLObjectElement, but this seems like a weird design
>> flaw - the object parameters should be accessible to the embedded
>> object, regardless of domain - that's their purpose.  It would have
>> been great if HTMLObjectElement had an accessible "params" NodeList
>> readonly attribute :(

I don't think that's a good idea because it opens up too many  
opportunities for violating cross-domain policies. For example, you'd have  
to introduce security checks on properties like  
window.frameElement.nodeList[0].parentElement..

> The proper fix here is IMHO to add something to the window object. So  
> that you don't have to reach out into documents that are from a  
> different domain.

Agree. Would window.paramList be a good name? An object with name:value  
mappings would be useful, and one could iterate over it with for..in as  
usual.

-- 
Hallvord R. M. Steen
Core QA JavaScript tester, Opera Software
http://www.opera.com/
Opera - simply the best Internet experience

Received on Friday, 14 March 2008 02:08:08 UTC