[whatwg] <include> element
Martin Atkins
mart at degeneration.co.uk
Thu Apr 26 10:12:11 PDT 2007
Christian Schmidt wrote:
>
> In practice, the result effect is often achieved by wrapping your
> include file in a document.write() and including this using script a
> <script src="...">. However, this makes it harder to write these
> includes by hand (you have to escape certain characters, ' " \ \n \r
> \t), and debugging also gets more difficult.
>
This last point made me think of a related issue:
When you use the above technique, the included script runs in the
security context of the including page, and this technique therefore
requires complete trust of the included document.
Would documents included via <include> run in the security context of
the including page, as with the script technique, or would they run in
the context of the included document, as with iframes?
Personally I favor the latter, but I wonder if this impact's anyone's
use-cases?.
More information about the whatwg
mailing list