[whatwg] <include> element

Martin Atkins mart at degeneration.co.uk
Thu Apr 26 10:12:11 PDT 2007


Christian Schmidt wrote:
> 
> In practice, the result effect is often achieved by wrapping your 
> include file in a document.write() and including this using script a 
> <script src="...">. However, this makes it harder to write these 
> includes by hand (you have to escape certain characters, ' " \ \n \r 
> \t), and debugging also gets more difficult.
> 

This last point made me think of a related issue:

When you use the above technique, the included script runs in the 
security context of the including page, and this technique therefore 
requires complete trust of the included document.

Would documents included via <include> run in the security context of 
the including page, as with the script technique, or would they run in 
the context of the included document, as with iframes?

Personally I favor the latter, but I wonder if this impact's anyone's 
use-cases?.




More information about the whatwg mailing list