[thelist] Bug or Feature?
Stephen Rider
evolt_org at striderweb.com
Fri Dec 3 11:32:32 CST 2004
First off, I'm not actually referring to an iframe; I'm creating a
similar effect using *object* with an html page as the data. I don't
know if this applies to iframes or not.
IE is on default settings, so changing that is unfortunately not a
valid solution to me -- as my rule is that pages should "just work" for
the average user, and the average user uses default security settings.
A page on my c: drive can embed a page on an internet server
somewhere, but a page being served from one server (even a local one)
can not embed a file on another server somewhere else.
The update to this is that I managed to recreate the outside
functionality directly on my page -- basically by rewriting it all >:(
-- but I would love to find a fix for this for future reference.
Again, Thanks.
Steve
On Dec 1, 2004, at 10:29 AM, Peter Brunone ((EasyListBox.com)) wrote:
> OTOH, I'd say it's a security feature; there's nothing about a
> different domain that should cause iframe rendering to break like that.
>
> What happens if you run the page from your local drive or web
> server via UNC instead of from the remote web server? IE will have
> lower default security settings for local pages, so that might indicate
> whether there's a config setting for you to track down.
>
> -----Original Message-----
>> I'm using the *object* tag to embed one html document within another.
>>
>> The odd thing is, IE refuses to display an embedded HTML page if the
>> page is located at a different domain. so with www.abc.com/inside.htm
>> embedded within www.123.com/outside.htm, IE displays a blank box where
>> the embed should be. Firefox and Safari show the embedded page.
>>
>> If both pages are on the same domain (www.abc.com/inside.htm embedded
>> in www.abc.com/outside.htm), all three browsers display the embedded
>> page.
>>
>> So here's the question: is this a bug in IE or a security feature?
>> I
>> can see how someone having the ability to... say, embed a totally
>> separate page in a 1px by 1px frame might be a security risk, in a
>> sense, but I can also imagine somebody deciding it should be
>> disallowed.
>>
>> Either way, is there a way around it?
More information about the thelist
mailing list