> -----Original Message-----
> From: James Holmes [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 23, 2005 9:25 PM
> To: CF-Talk
> Subject: RE: (OT) Object tag - text/html in IE Cross Domain
> 
> ROFL.
> 
> It's similar to an iframe in the way it works (and that's how I ended up
> doing it) but there is one small difference - an iframe's navigation is
> self-contained (i.e. links open inside the iframe) whereas the object
> tag's links (by default) target the browser containing the tag like any
> other. This difference may be more of a security hassle, I guess.
> Luckily in this instance the code I included had no links so the end
> result was almost identical using the iframe.

The only reason I'm being such a prick about this is that I've been through
it.

Our company was bought out and we wanted to combine our websites - content
from both servers in the same frame.  But we had all sorts of cross-site
scripting issues.

I spent some time and figured out an inelegant, but perfectly usable system
for passing information across sites using the status bar.  This was because
it turned out that browsers from different domains could still both read and
write to the status bar (at the time it worked in everything but IE 5.5 -
although oddly it did work in IE 6).

The code essentially created asynchronous messaging queues between two sites
- it was actually pretty slick.  (I've still got it if anybody wants to take
a look.)  It allowed scripts from different domains to share text data.

(As an aside I still think that's something that should be allowed via some
specialized code.  There should be some standardized location - something
like a "public" object which is accessible to all scripts in the instance -
that way different sites that choose to share data would have the ability
to, but the default behavior would be safe.)

I made the mistake of posting a question about how to fix the IE 5.5 issue
to a public forum which started a whole tirade about cross-site browser
security.  Several people sent messages to the various vendors - now my code
doesn't work in any of the new browsers.

Because of that I'm just overly wary of taking advantage of anything that
even has shades of that.  I just don't want to get used to something only to
have the capability disabled just when I've gotten used to relying on it.
;^)

Jim Davis



