On Fri, 14 Mar 2008 05:24:45 +0900, Jonas Sicking <[EMAIL PROTECTED]> wrote:
I can understand not letting the embedded object get at the elements outside of the HTMLObjectElement, but this seems like a weird design flaw - the object parameters should be accessible to the embedded object, regardless of domain - that's their purpose. It would have been great if HTMLObjectElement had an accessible "params" NodeList readonly attribute :(
I don't think that's a good idea because it opens up too many opportunities for violating cross-domain policies. For example, you'd have to introduce security checks on properties like window.frameElement.nodeList[0].parentElement..
The proper fix here is IMHO to add something to the window object. So that you don't have to reach out into documents that are from a different domain.
Agree. Would window.paramList be a good name? An object with name:value mappings would be useful, and one could iterate over it with for..in as usual.
-- Hallvord R. M. Steen Core QA JavaScript tester, Opera Software http://www.opera.com/ Opera - simply the best Internet experience
