[whatwg] <include> element

Jonas Sicking jonas at sicking.cc
Fri Apr 27 03:34:24 PDT 2007


Christian Schmidt wrote:
> Jonas Sicking wrote:
>> The idea is basically an element like <iframe> but that renders the
>> linked page, instead of inside a square area, in flow with the main
>> page.
> This is actually useful not only in Ajax-like applications like the ones 
> suggested in your example but also in more static pages as a replacement 
> for server-side includes. Client-side includes make it easier to make 
> sites that are made up data from different sources. Most developers 
> prefer to avoid server-site includes in favour of letting clients 
> request the resource directly.
> 
> Some sites may choose to serve the top-level navigation from one central 
> place, even though the site is made up of several subsites hosted on 
> different servers and platforms by different hosting companies. The 
> <include> element could be used to include the top-level navigation on 
> each of the subsites. Also, content from different subsites could be 
> aggregated on one overview page using <include>.
> 
> Ad banners are usually served from a seperate server. Banners with fixed 
> proportions are probably better served using an IFRAME, but e.g. 
> Google's text-ads may vary in size and could benefit from being a part 
> of the page.

Note that for security reasons we can't allow the <include> to point to 
servers other than that of the including page. Otherwise it would be 
possible to pull information out of documents on another server by using 
a fragment identifier. For example, the following could be used to see 
how many bank transactions a user has done in the past month:

<include src="http://citibank.com/cgi/transactions.phptranstable">

obviously that is a made up url, but you get the general idea.

It is possible that we could overcome this using the access control 
specification, but I haven't looked into if that would actually work.

/ jonas



More information about the whatwg mailing list