On Fri, 14 Mar 2008 05:24:45 +0900, Jonas Sicking <jonas@sicking.cc> wrote: >> I can understand not letting the embedded object get at the elements >> outside of the HTMLObjectElement, but this seems like a weird design >> flaw - the object parameters should be accessible to the embedded >> object, regardless of domain - that's their purpose. It would have >> been great if HTMLObjectElement had an accessible "params" NodeList >> readonly attribute :( I don't think that's a good idea because it opens up too many opportunities for violating cross-domain policies. For example, you'd have to introduce security checks on properties like window.frameElement.nodeList[0].parentElement.. > The proper fix here is IMHO to add something to the window object. So > that you don't have to reach out into documents that are from a > different domain. Agree. Would window.paramList be a good name? An object with name:value mappings would be useful, and one could iterate over it with for..in as usual. -- Hallvord R. M. Steen Core QA JavaScript tester, Opera Software http://www.opera.com/ Opera - simply the best Internet experienceReceived on Friday, 14 March 2008 02:08:08 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:54:18 UTC