[thelist] Bug or Feature?

Peter Brunone (EasyListBox.com) peter at easylistbox.com
Wed Dec 1 10:29:20 CST 2004


	OTOH, I'd say it's a security feature; there's nothing about a
different domain that should cause iframe rendering to break like that.

	What happens if you run the page from your local drive or web
server via UNC instead of from the remote web server?  IE will have
lower default security settings for local pages, so that might indicate
whether there's a config setting for you to track down.

-----Original Message-----
From: thelist-bounces at lists.evolt.org On Behalf Of Stephen Rider

I've encountered an interesting rendering difference between 
Firefox/Safari and IE.

I'm using the *object* tag to embed one html document within another.  
(A third-party company is providing us with functionality that we want 
to appear directly within one of our pages).

The odd thing is, IE refuses to display an embedded HTML page if the 
page is located at a different domain.  so with www.abc.com/inside.htm 
embedded within www.123.com/outside.htm, IE displays a blank box where 
the embed should be.  Firefox and Safari show the embedded page.

If both pages are on the same domain (www.abc.com/inside.htm embedded 
in www.abc.com/outside.htm), all three browsers display the embedded 
page.

So here's the question:  is this a bug in IE or a  security feature?  I 
can see how someone having the ability to... say, embed  a totally 
separate page in a 1px by 1px frame might be a security risk, in a 
sense, but I can also imagine somebody deciding it should be 
disallowed.

Either way, is there a way around it?

(or am I just rambling?)

-- 

* * Please support the community that supports you.  * *
http://evolt.org/help_support_evolt/

For unsubscribe and other options, including the Tip Harvester 
and archives of thelist go to: http://lists.evolt.org 
Workers of the Web, evolt ! 




More information about the thelist mailing list