[thelist] Bug or Feature?

Stephen Rider evolt_org at striderweb.com
Wed Dec 1 10:07:12 CST 2004


I've encountered an interesting rendering difference between 
Firefox/Safari and IE.

I'm using the *object* tag to embed one html document within another.  
(A third-party company is providing us with functionality that we want 
to appear directly within one of our pages).

The odd thing is, IE refuses to display an embedded HTML page if the 
page is located at a different domain.  so with www.abc.com/inside.htm 
embedded within www.123.com/outside.htm, IE displays a blank box where 
the embed should be.  Firefox and Safari show the embedded page.

If both pages are on the same domain (www.abc.com/inside.htm embedded 
in www.abc.com/outside.htm), all three browsers display the embedded 
page.

So here's the question:  is this a bug in IE or a  security feature?  I 
can see how someone having the ability to... say, embed  a totally 
separate page in a 1px by 1px frame might be a security risk, in a 
sense, but I can also imagine somebody deciding it should be 
disallowed.

Either way, is there a way around it?

(or am I just rambling?)



More information about the thelist mailing list