[thelist] Bug or Feature?

Stephen Rider evolt_org at striderweb.com
Fri Dec 3 11:32:32 CST 2004 

First off, I'm not actually referring to an iframe; I'm creating a 
similar effect using *object* with an html page as the data.  I don't 
know if this applies to iframes or not.

IE is on default settings, so changing that is unfortunately not a 
valid solution to me -- as my rule is that pages should "just work" for 
the average user, and the average user uses default security settings.

A page on my c:  drive can embed a page on an internet server 
somewhere, but a page being served from one server (even a local one) 
can not embed a file on another server somewhere else.

The update to this is that I managed to recreate the outside 
functionality directly on my page -- basically by rewriting it all >:(  
  -- but I would love to find a fix for this for future reference.

Again, Thanks.

Steve


On Dec 1, 2004, at 10:29 AM, Peter Brunone ((EasyListBox.com)) wrote:

> 	OTOH, I'd say it's a security feature; there's nothing about a
> different domain that should cause iframe rendering to break like that.
>
> 	What happens if you run the page from your local drive or web
> server via UNC instead of from the remote web server?  IE will have
> lower default security settings for local pages, so that might indicate
> whether there's a config setting for you to track down.
>
> -----Original Message-----
>> I'm using the *object* tag to embed one html document within another.
>>
>> The odd thing is, IE refuses to display an embedded HTML page if the
>> page is located at a different domain.  so with www.abc.com/inside.htm
>> embedded within www.123.com/outside.htm, IE displays a blank box where
>> the embed should be.  Firefox and Safari show the embedded page.
>>
>> If both pages are on the same domain (www.abc.com/inside.htm embedded
>> in www.abc.com/outside.htm), all three browsers display the embedded
>> page.
>>
>> So here's the question:  is this a bug in IE or a  security feature?  
>> I
>> can see how someone having the ability to... say, embed  a totally
>> separate page in a 1px by 1px frame might be a security risk, in a
>> sense, but I can also imagine somebody deciding it should be
>> disallowed.
>>
>> Either way, is there a way around it?

More information about the thelist mailing list