Living Standard — Last Updated 15 October 2024

The iframe element
Support in all current engines.
src — Address of the resource
srcdoc — A document to render in the iframe
name — Name of content navigable
sandbox — Security rules for nested content
allow — Permissions policy to be applied to the iframe's contents
allowfullscreen — Whether to allow the iframe's contents to use requestFullscreen()
width — Horizontal dimension
height — Vertical dimension
referrerpolicy — Referrer policy for fetches initiated by the element
loading — Used when determining loading deferral
[Exposed=Window]
interface HTMLIFrameElement : HTMLElement {
  [HTMLConstructor] constructor();

  [CEReactions] attribute USVString src;
  [CEReactions] attribute (TrustedHTML or DOMString) srcdoc;
  [CEReactions] attribute DOMString name;
  [SameObject, PutForwards=value] readonly attribute DOMTokenList sandbox;
  [CEReactions] attribute DOMString allow;
  [CEReactions] attribute boolean allowFullscreen;
  [CEReactions] attribute DOMString width;
  [CEReactions] attribute DOMString height;
  [CEReactions] attribute DOMString referrerPolicy;
  [CEReactions] attribute DOMString loading;
  readonly attribute Document? contentDocument;
  readonly attribute WindowProxy? contentWindow;
  Document? getSVGDocument();

  // also has obsolete members
};
The iframe element represents its content navigable.

The src attribute gives the URL of a page that the element's content navigable is to contain. The attribute, if present, must be a valid non-empty URL potentially surrounded by spaces. If the itemprop attribute is specified on an iframe element, then the src attribute must also be specified.
The srcdoc attribute gives the content of the page that the element's content navigable is to contain. The value of the attribute is used to construct an iframe srcdoc document, which is a Document whose URL matches about:srcdoc.

The srcdoc attribute, if present, must have a value using the HTML syntax that consists of the following syntactic components, in the given order:

  html element.

The above requirements apply in XML documents as well.
Here a blog uses the srcdoc attribute in conjunction with the sandbox attribute described below to provide users of user agents that support this feature with an extra layer of protection from script injection in the blog post comments:
<article>
 <h1>I got my own magazine!</h1>
 <p>After much effort, I've finally found a publisher, and so now I
 have my own magazine! Isn't that awesome?! The first issue will come
 out in September, and we have articles about getting food, and about
 getting in boxes, it's going to be great!</p>
 <footer>
  <p>Written by <a href="/users/cap">cap</a>, 1 hour ago.
 </footer>
 <article>
  <footer>Thirteen minutes ago, <a href="/users/ch">ch</a> wrote:</footer>
  <iframe sandbox srcdoc="<p>did you get a cover picture yet?"></iframe>
 </article>
 <article>
  <footer>Nine minutes ago, <a href="/users/cap">cap</a> wrote:</footer>
  <iframe sandbox srcdoc="<p>Yeah, you can see it <a href=&quot;/gallery?mode=cover&amp;amp;page=1&quot;>in my gallery</a>."></iframe>
 </article>
 <article>
  <footer>Five minutes ago, <a href="/users/ch">ch</a> wrote:</footer>
  <iframe sandbox srcdoc="<p>hey that's earl's table.
<p>you should get earl&amp;amp;me on the next cover."></iframe>
 </article>
Notice the way that quotes have to be escaped (otherwise the srcdoc attribute would end prematurely), and the way raw ampersands (e.g. in URLs or in prose) mentioned in the sandboxed content have to be doubly escaped — once so that the ampersand is preserved when originally parsing the srcdoc attribute, and once more to prevent the ampersand from being misinterpreted when parsing the sandboxed content.

Furthermore, notice that since the DOCTYPE is optional in iframe srcdoc documents, and the html, head, and body elements have optional start and end tags, and the title element is also optional in iframe srcdoc documents, the markup in a srcdoc attribute can be relatively succinct despite representing an entire document, since only the contents of the body element need appear literally in the syntax. The other elements are still present, but only by implication.

In the HTML syntax, authors need only remember to use U+0022 QUOTATION MARK characters (") to wrap the attribute contents and then to escape all U+0026 AMPERSAND (&) and U+0022 QUOTATION MARK (") characters, and to specify the sandbox attribute, to ensure safe embedding of content. (And remember to escape ampersands before quotation marks, to ensure quotation marks become &quot; and not &amp;quot;.)

In XML the U+003C LESS-THAN SIGN character (<) needs to be escaped as well. In order to prevent attribute-value normalization, some of XML's whitespace characters — specifically U+0009 CHARACTER TABULATION (tab), U+000A LINE FEED (LF), and U+000D CARRIAGE RETURN (CR) — also need to be escaped. [XML]
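The escaping rules above, as an added JavaScript example (this is not code from the HTML Standard; the function names are the example's own). It escapes inner markup for a double-quoted srcdoc attribute in the order the standard requires, shows what goes wrong when the order is reversed, and includes a one-level attribute decoder so the round trip can be checked against the blog comments from the example above.

```javascript
// Added example, not part of the HTML Standard: building a srcdoc attribute
// value so that the embedded markup survives attribute parsing intact.

// Escape inner HTML for use inside a double-quoted srcdoc attribute.
// Ampersands are escaped first so that a quotation mark becomes &quot;
// rather than &amp;quot; (the ordering the standard calls out).
function escapeForSrcdoc(innerHtml, { xml = false } = {}) {
  let out = innerHtml.replace(/&/g, "&amp;").replace(/"/g, "&quot;");
  if (xml) {
    // In XML the less-than sign must also be escaped, and tab/LF/CR are
    // written as character references to avoid attribute-value normalization.
    out = out
      .replace(/</g, "&lt;")
      .replace(/\t/g, "&#9;")
      .replace(/\n/g, "&#10;")
      .replace(/\r/g, "&#13;");
  }
  return out;
}

// What the attribute parser hands to the srcdoc document: one level of
// attribute-value decoding. A single left-to-right pass is what makes
// "&amp;quot;" come back as the literal six characters "&quot;".
function decodeAttributeValue(value) {
  const map = { amp: "&", quot: '"', lt: "<", "#9": "\t", "#10": "\n", "#13": "\r" };
  return value.replace(/&(amp|quot|lt|#9|#10|#13);/g, (_, name) => map[name]);
}

// Wrap untrusted comment markup in a sandboxed srcdoc iframe, as the
// blog example in the standard does.
function sandboxedComment(innerHtml) {
  return `<iframe sandbox srcdoc="${escapeForSrcdoc(innerHtml)}"></iframe>`;
}

// The wrong order: escaping quotes first yields &amp;quot;, so the srcdoc
// document sees the text &quot; where a quotation mark was intended and the
// inner <a href=...> attribute is never delimited.
function escapeWrongOrder(innerHtml) {
  return innerHtml.replace(/"/g, "&quot;").replace(/&/g, "&amp;");
}
```

Feeding the second comment from the blog example through `escapeForSrcdoc` reproduces the `&quot;` and `&amp;amp;` sequences shown in the markup above, and `decodeAttributeValue` returns the original comment markup; `escapeWrongOrder` decodes to markup in which the link's href is still entity-encoded.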
If the src attribute and the srcdoc attribute are both specified together, the srcdoc attribute takes priority. This allows authors to provide a fallback URL for legacy user agents that do not support the srcdoc attribute.
The iframe HTML element insertion steps, given insertedNode, are:

1. If insertedNode's shadow-including root's browsing context is null, then return.
2. Create a new child navigable for insertedNode.
3. If insertedNode has a sandbox attribute, then parse the sandboxing directive given the attribute's value and insertedNode's iframe sandboxing flag set.
4. Process the iframe attributes for insertedNode, with initialInsertion set to true.

The iframe HTML element removing steps, given removedNode, are to destroy a child navigable given removedNode.

This happens without any unload events firing (the element's content document is destroyed, not unloaded).

Although iframes are processed while in a shadow tree, per the above, several other aspects of their behavior are not well-defined with regards to shadow trees. See issue #763 for more detail.
Whenever an iframe element with a non-null content navigable has its srcdoc attribute set, changed, or removed, the user agent must process the iframe attributes.

Similarly, whenever an iframe element with a non-null content navigable but with no srcdoc attribute specified has its src attribute set, changed, or removed, the user agent must process the iframe attributes.
To process the iframe attributes for an element element, with an optional boolean initialInsertion (default false):

1. If element's srcdoc attribute is specified, then:
   1. Set element's current navigation was lazy loaded boolean to false.
   2. If the will lazy load element steps given element return true, then:
      1. Set element's lazy load resumption steps to the rest of this algorithm starting with the step labeled navigate to the srcdoc resource.
      2. Set element's current navigation was lazy loaded boolean to true.
      3. Start intersection-observing a lazy loading element for element.
      4. Return.
   3. Navigate to the srcdoc resource: Navigate an iframe or frame given element, about:srcdoc, the empty string, and the value of element's srcdoc attribute.
      The resulting Document must be considered an iframe srcdoc document.
2. Otherwise:
   1. Let url be the result of running the shared attribute processing steps for iframe and frame elements given element and initialInsertion.
   2. If url is null, then return.
   3. If url matches about:blank and initialInsertion is true, then:
      1. Run the iframe load event steps given element.
      2. Return.
   4. Let referrerPolicy be the current state of element's referrerpolicy content attribute.
   5. Set element's current navigation was lazy loaded boolean to false.
   6. If the will lazy load element steps given element return true, then:
      1. Set element's lazy load resumption steps to the rest of this algorithm starting with the step labeled navigate.
      2. Set element's current navigation was lazy loaded boolean to true.
      3. Start intersection-observing a lazy loading element for element.
      4. Return.
   7. Navigate: Navigate an iframe or frame given element, url, and referrerPolicy.
The shared attribute processing steps for iframe and frame elements, given an element element and a boolean initialInsertion, are:

1. Let url be the URL record about:blank.
2. If element has a src attribute specified, and its value is not the empty string, then:
   1. Let maybeURL be the result of encoding-parsing a URL given that attribute's value, relative to element's node document.
   2. If maybeURL is not failure, then set url to maybeURL.
3. If the inclusive ancestor navigables of element's node navigable contains a navigable whose active document's URL equals url with exclude fragments set to true, then return null.
4. If url matches about:blank and initialInsertion is true, then perform the URL and history update steps given element's content navigable's active document and url.
   This is necessary in case url is something like about:blank?foo. If url is just plain about:blank, this will do nothing.
5. Return url.
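The shared attribute processing steps, modelled as an added JavaScript example (not code from the HTML Standard or from any browser). It uses the WHATWG URL API for the encoding-parsing step, represents the inclusive ancestor navigables as a list of their active documents' URL strings, and returns null where the standard does, which is the guard that stops a document from embedding itself recursively. The URL and history update step for about:blank?foo is not modelled; the function and parameter names are the example's own.

```javascript
// Added example, not part of the HTML Standard: which URL an iframe's
// content navigable is asked to load, per the "shared attribute processing
// steps". Uses the WHATWG URL API (global URL in Node and browsers).

// The standard compares "with exclude fragments set to true".
function withoutFragment(url) {
  const copy = new URL(url.href);
  copy.hash = "";
  return copy.href;
}

// srcValue: the src attribute value, or null when the attribute is absent.
// baseHref: the embedding document's URL, used for relative resolution.
// ancestorHrefs: URLs of the active documents of the element's node
// navigable and all of its ancestors (the inclusive ancestor navigables).
// Returns the URL to navigate to, or null when the load must be skipped.
function sharedAttributeProcessing(srcValue, baseHref, ancestorHrefs) {
  // Step 1: default to about:blank.
  let url = new URL("about:blank");
  // Step 2: only a present, non-empty src is parsed; a parse failure
  // leaves url at about:blank rather than aborting.
  if (srcValue !== null && srcValue !== "") {
    try {
      url = new URL(srcValue, baseHref); // encoding-parsing a URL
    } catch {
      // failure: url stays about:blank, as in the standard
    }
  }
  // Step 3: if any document up the chain already has this URL (fragment
  // aside), the iframe is not navigated at all.
  const target = withoutFragment(url);
  for (const href of ancestorHrefs) {
    if (withoutFragment(new URL(href)) === target) return null;
  }
  // Step 5 (step 4's history update is not modelled here).
  return url.href;
}
```

With the embedding page at https://blog.example/posts/1, a src of "/posts/1#comments" is refused (null) because the fragment is ignored in the comparison, "/posts/2" resolves normally, and an empty, absent or unparseable src yields about:blank.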
To navigate an iframe or frame given an element element, a URL url, a referrer policy referrerPolicy, and an optional string-or-null srcdocString (default null):

1. Let historyHandling be "auto".
2. If element's content navigable's active document is not completely loaded, then set historyHandling to "replace".
3. If element is an iframe, then set element's pending resource-timing start time to the current high resolution time given element's node document's relevant global object.
4. Navigate element's content navigable to url using element's node document, with historyHandling set to historyHandling, referrerPolicy set to referrerPolicy, and documentResource set to srcdocString.
Each Document has an iframe load in progress flag and a mute iframe load flag. When a Document is created, these flags must be unset for that Document.

To run the iframe load event steps, given an iframe element element:

1. Assert: element's content navigable is not null.
2. Let childDocument be element's content navigable's active document.
3. If childDocument has its mute iframe load flag set, then return.
4. If element's pending resource-timing start time is not null, then:
   1. Let global be element's node document's relevant global object.
   2. Let fallbackTimingInfo be a new fetch timing info whose start time is element's pending resource-timing start time and whose response end time is the current high resolution time given global.
   3. Mark resource timing given fallbackTimingInfo, url, "iframe", global, the empty string, a new response body info, and 0.
   4. Set element's pending resource-timing start time to null.
5. Set childDocument's iframe load in progress flag.
6. Fire an event named load at element.
7. Unset childDocument's iframe load in progress flag.
This, in conjunction with scripting, can be used to probe the URL space of the local network's HTTP servers. User agents may implementcross-origin access control policies that are stricter than those described above to mitigate this attack, but unfortunately such policies are typically not compatible with existing web content.
If an element type potentially delays the load event, then for each element element of that type, the user agent must delay the load event of element's node document if element's content navigable is non-null and any of the following are true:

- element's content navigable's active document is not ready for post-load tasks;
- element's content navigable's is delaying load events is true; or
- anything is delaying the load event of element's content navigable's active document.

If, during the handling of the load event, element's content navigable is again navigated, that will further delay the load event.
Each iframe element has an associated current navigation was lazy loaded boolean, initially false. It is set and unset in the process the iframe attributes algorithm.

An iframe element whose current navigation was lazy loaded boolean is false potentially delays the load event.

Each iframe element has an associated null or DOMHighResTimeStamp pending resource-timing start time, initially set to null.

If, when the element is created, the srcdoc attribute is not set, and the src attribute is either also not set or set but its value cannot be parsed, the element's content navigable will remain at the initial about:blank Document.

If the user navigates away from this page, the iframe's content navigable's active WindowProxy object will proxy new Window objects for new Document objects, but the src attribute will not change.
The name attribute, if present, must be a valid navigable target name. The given value is used to name the element's content navigable if present when that is created.
The sandbox attribute, when specified, enables a set of extra restrictions on any content hosted by the iframe. Its value must be an unordered set of unique space-separated tokens that are ASCII case-insensitive. The allowed values are:

allow-downloads
allow-forms
allow-modals
allow-orientation-lock
allow-pointer-lock
allow-popups
allow-popups-to-escape-sandbox
allow-presentation
allow-same-origin
allow-scripts
allow-top-navigation
allow-top-navigation-by-user-activation
allow-top-navigation-to-custom-protocols
When the attribute is set, the content is treated as being from a unique opaque origin, forms, scripts, and various potentially annoying APIs are disabled, and links are prevented from targeting other navigables. The allow-same-origin keyword causes the content to be treated as being from its real origin instead of forcing it into an opaque origin; the allow-top-navigation keyword allows the content to navigate its traversable navigable; the allow-top-navigation-by-user-activation keyword behaves similarly but allows such navigation only when the browsing context's active window has transient activation; the allow-top-navigation-to-custom-protocols keyword re-enables navigations toward non-fetch schemes, which are handed off to external software; and the allow-forms, allow-modals, allow-orientation-lock, allow-pointer-lock, allow-popups, allow-presentation, allow-scripts, and allow-popups-to-escape-sandbox keywords re-enable forms, modal dialogs, screen orientation lock, the pointer lock API, popups, the presentation API, scripts, and the creation of unsandboxed auxiliary browsing contexts respectively. The allow-downloads keyword allows content to perform downloads. [POINTERLOCK] [SCREENORIENTATION] [PRESENTATION]

The allow-top-navigation and allow-top-navigation-by-user-activation keywords must not both be specified, as doing so is redundant; only allow-top-navigation will have an effect in such non-conformant markup.

Similarly, the allow-top-navigation-to-custom-protocols keyword must not be specified if either allow-top-navigation or allow-popups are specified, as doing so is redundant.
To allow alert(), confirm(), and prompt() inside sandboxed content, both the allow-modals and allow-same-origin keywords need to be specified, and the loaded URL needs to be same origin with the top-level origin. Without the allow-same-origin keyword, the content is always treated as cross-origin, and cross-origin content cannot show simple dialogs.

Setting both the allow-scripts and allow-same-origin keywords together when the embedded page has the same origin as the page containing the iframe allows the embedded page to simply remove the sandbox attribute and then reload itself, effectively breaking out of the sandbox altogether.

These flags only take effect when the content navigable of the iframe element is navigated. Removing them, or removing the entire sandbox attribute, has no effect on an already-loaded page.

Potentially hostile files should not be served from the same server as the file containing the iframe element. Sandboxing hostile content is of minimal help if an attacker can convince the user to just visit the hostile content directly, rather than in the iframe. To limit the damage that can be caused by hostile HTML content, it should be served from a separate dedicated domain. Using a different domain ensures that scripts in the files are unable to attack the site, even if the user is tricked into visiting those pages directly, without the protection of the sandbox attribute.
When an iframe element's sandbox attribute is set or changed while it has a non-null content navigable, the user agent must parse the sandboxing directive given the attribute's value and the iframe element's iframe sandboxing flag set.

When an iframe element's sandbox attribute is removed while it has a non-null content navigable, the user agent must empty the iframe element's iframe sandboxing flag set.
In this example, some completely-unknown, potentially hostile, user-provided HTML content is embedded in a page. Because it is served from a separate domain, it is affected by all the normal cross-site restrictions. In addition, the embedded page has scripting disabled, plugins disabled, forms disabled, and it cannot navigate any frames or windows other than itself (or any frames or windows it itself embeds).

<p>We're not scared of you! Here is your content, unedited:</p>
<iframe sandbox src="https://usercontent.example.net/getusercontent.cgi?id=12193"></iframe>

It is important to use a separate domain so that if the attacker convinces the user to visit that page directly, the page doesn't run in the context of the site's origin, which would make the user vulnerable to any attack found in the page.

In this example, a gadget from another site is embedded. The gadget has scripting and forms enabled, and the origin sandbox restrictions are lifted, allowing the gadget to communicate with its originating server. The sandbox is still useful, however, as it disables plugins and popups, thus reducing the risk of the user being exposed to malware and other annoyances.

<iframe sandbox="allow-same-origin allow-forms allow-scripts"
        src="https://maps.example.com/embedded.html"></iframe>
Suppose a file A contained the following fragment:

<iframe sandbox="allow-same-origin allow-forms" src=B></iframe>

Suppose that file B contained an iframe also:

<iframe sandbox="allow-scripts" src=C></iframe>

Further, suppose that file C contained a link:

<a href=D>Link</a>

For this example, suppose all the files were served as text/html.

Page C in this scenario has all the sandboxing flags set. Scripts are disabled, because the iframe in A has scripts disabled, and this overrides the allow-scripts keyword set on the iframe in B. Forms are also disabled, because the inner iframe (in B) does not have the allow-forms keyword set.

Suppose now that a script in A removes all the sandbox attributes in A and B. This would change nothing immediately. If the user clicked the link in C, loading page D into the iframe in B, page D would now act as if the iframe in B had the allow-same-origin and allow-forms keywords set, because that was the state of the content navigable in the iframe in A when page B was loaded.

Generally speaking, dynamically removing or changing the sandbox attribute is ill-advised, because it can make it quite hard to reason about what will be allowed and what will not.
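An added JavaScript example serving both the sandbox keyword description above and the nested A/B/C scenario (this is the editor's own model, not code from the HTML Standard or any browser). It parses the attribute as the standard's unordered set of ASCII case-insensitive tokens, computes which keywords survive through a chain of nested iframes, and reports the combinations the text above calls non-conformant or self-defeating. The function names and the `sameOriginAsEmbedder` input are the example's own assumptions; origin is something the markup alone cannot tell you.

```javascript
// Added example, not part of the HTML Standard: a small model of the sandbox
// attribute for reviewing markup, not an implementation of any browser.

const SANDBOX_KEYWORDS = [
  "allow-downloads", "allow-forms", "allow-modals", "allow-orientation-lock",
  "allow-pointer-lock", "allow-popups", "allow-popups-to-escape-sandbox",
  "allow-presentation", "allow-same-origin", "allow-scripts",
  "allow-top-navigation", "allow-top-navigation-by-user-activation",
  "allow-top-navigation-to-custom-protocols",
];
const KNOWN = new Set(SANDBOX_KEYWORDS);

// Split on ASCII whitespace into unique, lower-cased tokens (the attribute is
// ASCII case-insensitive). Unknown tokens are kept so a linter can report
// them; they grant nothing.
function parseSandbox(value) {
  return new Set(value.split(/[ \t\n\f\r]+/).filter(Boolean).map(t => t.toLowerCase()));
}

// Keywords granted by one frame's sandbox attribute. `null` means the
// attribute is absent, which leaves everything allowed.
function grantedBy(sandboxValue) {
  if (sandboxValue === null) return new Set(SANDBOX_KEYWORDS);
  const tokens = parseSandbox(sandboxValue);
  return new Set(SANDBOX_KEYWORDS.filter(k => tokens.has(k)));
}

// A nested navigable inherits its ancestors' restrictions, so a capability
// survives only if every frame on the path from the top grants it.
// `chain` lists sandbox attribute values from the outermost iframe inward,
// as they were when each page was loaded (later edits change nothing).
function effectivePermissions(chain) {
  let allowed = new Set(SANDBOX_KEYWORDS);
  for (const value of chain) {
    const granted = grantedBy(value);
    allowed = new Set([...allowed].filter(k => granted.has(k)));
  }
  return allowed;
}

// Conformance and risk findings drawn from the text of the standard.
// `sameOriginAsEmbedder`: whether the framed URL is same origin with the
// embedding page (assumed input; the markup cannot tell you this).
function lintSandbox(value, { sameOriginAsEmbedder = false } = {}) {
  const t = parseSandbox(value);
  const findings = [];
  for (const tok of t) if (!KNOWN.has(tok)) findings.push(`unknown keyword ignored: ${tok}`);
  if (t.has("allow-top-navigation") && t.has("allow-top-navigation-by-user-activation"))
    findings.push("redundant: allow-top-navigation-by-user-activation has no effect next to allow-top-navigation");
  if (t.has("allow-top-navigation-to-custom-protocols") && (t.has("allow-top-navigation") || t.has("allow-popups")))
    findings.push("redundant: allow-top-navigation-to-custom-protocols is implied by allow-top-navigation or allow-popups");
  if (t.has("allow-scripts") && t.has("allow-same-origin") && sameOriginAsEmbedder)
    findings.push("ineffective: same-origin content with scripts can remove the sandbox attribute and reload itself");
  if (t.has("allow-modals") && !t.has("allow-same-origin"))
    findings.push("note: allow-modals needs allow-same-origin (and a same-origin URL) before alert()/confirm()/prompt() work");
  return findings;
}
```

For the A/B/C scenario, `effectivePermissions(["allow-same-origin allow-forms", "allow-scripts"])` is empty: A never granted scripts, B never granted forms or same-origin, so page C ends up with every restriction in force, exactly as the text describes.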
The allow attribute, when specified, determines the container policy that will be used when the permissions policy for a Document in the iframe's content navigable is initialized. Its value must be a serialized permissions policy. [PERMISSIONSPOLICY]

In this example, an iframe is used to embed a map from an online navigation service. The allow attribute is used to enable the Geolocation API within the nested context.

<iframe src="https://maps.example.com/" allow="geolocation"></iframe>
The allowfullscreen attribute is a boolean attribute. When specified, it indicates that Document objects in the iframe element's content navigable will be initialized with a permissions policy which allows the "fullscreen" feature to be used from any origin. This is enforced by the process permissions policy attributes algorithm. [PERMISSIONSPOLICY]

Here, an iframe is used to embed a player from a video site. The allowfullscreen attribute is needed to enable the player to show its video fullscreen.

<article>
 <header>
  <p><img src="/usericons/1627591962735"> <b>Fred Flintstone</b></p>
  <p><a href="/posts/3095182851" rel=bookmark>12:44</a> — <a href="#acl-3095182851">Private Post</a></p>
 </header>
 <p>Check out my new ride!</p>
 <iframe src="https://video.example.com/embed?id=92469812" allowfullscreen></iframe>
</article>
Neither allow nor allowfullscreen can grant access to a feature in an iframe element's content navigable if the element's node document is not already allowed to use that feature.

To determine whether a Document object document is allowed to use the policy-controlled-feature feature, run these steps:

1. If document's browsing context is null, then return false.
2. If document is not fully active, then return false.
3. If the result of running is feature enabled in document for origin on feature, document, and document's origin is "Enabled", then return true.
4. Return false.

Because they only influence the permissions policy of the content navigable's active document, the allow and allowfullscreen attributes only take effect when the content navigable of the iframe is navigated. Adding or removing them has no effect on an already-loaded document.
The iframe element supports dimension attributes for cases where the embedded content has specific dimensions (e.g. ad units have well-defined dimensions).

An iframe element never has fallback content, as it will always create a new child navigable, regardless of whether the specified initial contents are successfully used.

The referrerpolicy attribute is a referrer policy attribute. Its purpose is to set the referrer policy used when processing the iframe attributes. [REFERRERPOLICY]

The loading attribute is a lazy loading attribute. Its purpose is to indicate the policy for loading iframe elements that are outside the viewport.

When the loading attribute's state is changed to the Eager state, the user agent must run these steps:

1. Let resumptionSteps be the iframe element's lazy load resumption steps.
2. If resumptionSteps is null, then return.
3. Set the iframe's lazy load resumption steps to null.
4. Invoke resumptionSteps.

Descendants of iframe elements represent nothing. (In legacy user agents that do not support iframe elements, the contents would be parsed as markup that could act as fallback content.)

The HTML parser treats markup inside iframe elements as text.
The IDL attributes src, name, sandbox, and allow must reflect the respective content attributes of the same name.
The srcdoc getter steps are:

1. Let attribute be the result of running get an attribute by namespace and local name given null, srcdoc's local name, and this.
2. If attribute is null, then return the empty string.
3. Return attribute's value.

The srcdoc setter steps are:

1. Let compliantString be the result of invoking the Get Trusted Type compliant string algorithm with TrustedHTML, this's relevant global object, the given value, "HTMLIFrameElement srcdoc", and "script".
2. Set an attribute value given this, srcdoc's local name, and compliantString.

The supported tokens for sandbox's DOMTokenList are the allowed values defined in the sandbox attribute and supported by the user agent.

The allowFullscreen IDL attribute must reflect the allowfullscreen content attribute.
The referrerPolicy IDL attribute must reflect the referrerpolicy content attribute, limited to only known values.

The loading IDL attribute must reflect the loading content attribute, limited to only known values.
The contentDocument getter steps are to return this's content document.
The contentWindow getter steps are to return this's content window.

Here is an example of a page using an iframe to include advertising from an advertising broker:

<iframe src="https://ads.example.com/?customerid=923513721&format=banner"
        width="468" height="60"></iframe>
The embed element
src — Address of the resource
type — Type of embedded resource
width — Horizontal dimension
height — Vertical dimension
[Exposed=Window]
interface HTMLEmbedElement : HTMLElement {
  [HTMLConstructor] constructor();

  [CEReactions] attribute USVString src;
  [CEReactions] attribute DOMString type;
  [CEReactions] attribute DOMString width;
  [CEReactions] attribute DOMString height;
  Document? getSVGDocument();

  // also has obsolete members
};
The embed element provides an integration point for an external application or interactive content.

The src attribute gives the URL of the resource being embedded. The attribute, if present, must contain a valid non-empty URL potentially surrounded by spaces.

If the itemprop attribute is specified on an embed element, then the src attribute must also be specified.

The type attribute, if present, gives the MIME type by which the plugin to instantiate is selected. The value must be a valid MIME type string. If both the type attribute and the src attribute are present, then the type attribute must specify the same type as the explicit Content-Type metadata of the resource given by the src attribute.
While any of the following conditions are occurring, any plugin instantiated for the element must be removed, and the embed element represents nothing:

- The element has a media element ancestor.
- The element has an ancestor object element that is not showing its fallback content.

An embed element is said to be potentially active when the following conditions are all met simultaneously:

- The element is in a document or was in a document the last time the event loop reached step 1.
- The element's node document is fully active.
- The element has either a src attribute set or a type attribute set (or both).
- The element's src attribute is either absent or its value is not the empty string.
- The element is not a descendant of a media element.
- The element is not a descendant of an object element that is not showing its fallback content.
- The element is being rendered, or was being rendered the last time the event loop reached step 1.

Whenever an embed element that was not potentially active becomes potentially active, and whenever a potentially active embed element that is remaining potentially active and has its src attribute set, changed, or removed or its type attribute set, changed, or removed, the user agent must queue an element task on the embed task source given the element to run the embed element setup steps for that element.
The embed element setup steps for a given embed element element are as follows:

1. If another task has since been queued to run the embed element setup steps for element, then return.
2. If element has a src attribute set, then:
   1. Let url be the result of encoding-parsing a URL given element's src attribute's value, relative to element's node document.
   2. If url is failure, then return.
   3. Let request be a new request whose URL is url, client is element's node document's relevant settings object, destination is "embed", credentials mode is "include", mode is "navigate", initiator type is "embed", and whose use-URL-credentials flag is set.
   4. Fetch request, with processResponse set to the following steps given response response:
      1. If another task has since been queued to run the embed element setup steps for element, then return.
      2. If response is a network error, then fire an event named load at element, and return.
      3. Let type be the result of determining the type of content given element and response.
      4. Switch on type:
         null
            Display no plugin for element.
         image/svg+xml
            1. If element's content navigable is null, then create a new child navigable for element.
            2. Navigate element's content navigable to response's URL using element's node document, with response set to response, and historyHandling set to "replace".
               element's src attribute does not get updated if the content navigable gets further navigated to other locations.
            3. element now represents its content navigable.
   5. Fetching the resource must delay the load event of element's node document.
3. Otherwise, display no plugin for element.
To determine the type of the content given an embed element element and a response response, run the following steps:

1. If element has a type attribute, and that attribute's value is a type that a plugin supports, then return the value of the type attribute.
2. If the path component of response's url matches a pattern that a plugin supports, then return the type that that plugin can handle.
   For example, a plugin might say that it can handle URLs with path components that end with the four character string ".swf".
3. If response has explicit Content-Type metadata, and that value is a type that a plugin supports, then return that value.
4. Return null.

It is intentional that the above algorithm allows response to have a non-ok status. This allows servers to return data for plugins even with error responses (e.g., HTTP 500 Internal Server Error codes can still contain plugin data).
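The type determination above, together with the switch in the setup steps, as an added JavaScript example (the editor's own model, not code from the HTML Standard or any browser). The handler registry, the element and response shapes, and the function names are constructed for the example; the image/svg+xml entry stands in for the user agent's built-in handling of that type. The point worth seeing in code is the precedence: a supported type attribute wins over the server's Content-Type, a path suffix is consulted before the header, and the HTTP status is never examined.

```javascript
// Added example, not part of the HTML Standard: "determine the type of the
// content" for an embed element, followed by the outcome the setup steps
// select from that type.

// Constructed registry. The SVG entry models the user agent's built-in
// handling; the .swf entry is a hypothetical plugin.
const HANDLERS = [
  { type: "image/svg+xml", pathSuffix: ".svg" },
  { type: "application/x-shockwave-flash", pathSuffix: ".swf" },
];

// MIME types are ASCII case-insensitive; parameters are ignored here.
function supportedType(type) {
  if (typeof type !== "string") return null;
  const essence = type.split(";")[0].trim().toLowerCase();
  return HANDLERS.some(h => h.type === essence) ? essence : null;
}

// element:  { typeAttr: string|null }
// response: { url: string, contentType: string|null, status: number }
function determineType(element, response) {
  // Step 1: a supported type attribute wins, whatever the server said.
  const fromAttr = supportedType(element.typeAttr);
  if (fromAttr) return fromAttr;
  // Step 2: a path suffix a handler claims, e.g. ".swf" (query string excluded).
  const path = new URL(response.url).pathname.toLowerCase();
  const bySuffix = HANDLERS.find(h => path.endsWith(h.pathSuffix));
  if (bySuffix) return bySuffix.type;
  // Step 3: explicit Content-Type metadata, if a handler supports it.
  const fromHeader = supportedType(response.contentType);
  if (fromHeader) return fromHeader;
  // Step 4: nothing matched. response.status was never consulted: the
  // standard deliberately accepts non-ok responses here.
  return null;
}

// The switch the setup steps perform on the result. The wording for the
// plugin case is this example's own.
function embedOutcome(element, response) {
  const type = determineType(element, response);
  if (type === null) return "display no plugin";
  if (type === "image/svg+xml") return "navigate content navigable to response URL";
  return `instantiate plugin for ${type}`;
}
```

A response with status 500 and a Content-Type of image/svg+xml is still navigated to, and a type attribute of image/svg+xml makes a text/plain body be treated as SVG: both are consequences of the steps above that a reviewer of embed markup should keep in mind.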
To display no plugin for an embed element element:

1. Destroy a child navigable given element.
2. Display an indication that no plugin could be found for element, as the contents of element.
3. element now represents nothing.

The embed element has no fallback content; its descendants are ignored.

Whenever an embed element that was potentially active stops being potentially active, any plugin that had been instantiated for that element must be unloaded.

The embed element potentially delays the load event.

The embed element supports dimension attributes.

The IDL attributes src and type each must reflect the respective content attributes of the same name.
The object element
data — Address of the resource
type — Type of embedded resource
name — Name of content navigable
form — Associates the element with a form element
width — Horizontal dimension
height — Vertical dimension
[Exposed=Window]
interface HTMLObjectElement : HTMLElement {
  [HTMLConstructor] constructor();

  [CEReactions] attribute USVString data;
  [CEReactions] attribute DOMString type;
  [CEReactions] attribute DOMString name;
  readonly attribute HTMLFormElement? form;
  [CEReactions] attribute DOMString width;
  [CEReactions] attribute DOMString height;
  readonly attribute Document? contentDocument;
  readonly attribute WindowProxy? contentWindow;
  Document? getSVGDocument();

  readonly attribute boolean willValidate;
  readonly attribute ValidityState validity;
  readonly attribute DOMString validationMessage;
  boolean checkValidity();
  boolean reportValidity();
  undefined setCustomValidity(DOMString error);

  // also has obsolete members
};
Depending on the type of content instantiated by the object element, the node also supports other interfaces.

The object element can represent an external resource, which, depending on the type of the resource, will either be treated as an image or as a child navigable.

The data attribute specifies the URL of the resource. It must be present, and must contain a valid non-empty URL potentially surrounded by spaces.

The type attribute, if present, specifies the type of the resource. If present, the attribute must be a valid MIME type string.

The name attribute, if present, must be a valid navigable target name. The given value is used to name the element's content navigable, if applicable, and if present when the element's content navigable is created.
Whenever one of the following conditions occur:

- one of the element's ancestor object elements changes to or from showing its fallback content,
- the element's classid attribute is set, changed, or removed,
- the element's classid attribute is not present, and its data attribute is set, changed, or removed,
- neither the element's classid attribute nor its data attribute are present, and its type attribute is set, changed, or removed,

...the user agent must queue an element task on the DOM manipulation task source given the object element to run the following steps to (re)determine what the object element represents. This task being queued or actively running must delay the load event of the element's node document.
1. If the user has indicated a preference that this object element's fallback content be shown instead of the element's usual behavior, then jump to the step below labeled fallback.

   For example, a user could ask for the element's fallback content to be shown because that content uses a format that the user finds more accessible.

2. If the element has an ancestor media element, or has an ancestor object element that is not showing its fallback content, or if the element is not in a document whose browsing context is non-null, or if the element's node document is not fully active, or if the element is still in the stack of open elements of an HTML parser or XML parser, or if the element is not being rendered, then jump to the step below labeled fallback.
3. If the data attribute is present and its value is not the empty string, then:

   1. If the type attribute is present and its value is not a type that the user agent supports, then the user agent may jump to the step below labeled fallback without fetching the content to examine its real type.

   2. Let url be the result of encoding-parsing a URL given the data attribute's value, relative to the element's node document.

   3. If url is failure, then fire an event named error at the element and jump to the step below labeled fallback.

   4. Let request be a new request whose URL is url, client is the element's node document's relevant settings object, destination is "object", credentials mode is "include", mode is "navigate", initiator type is "object", and whose use-URL-credentials flag is set.

   5. Fetch request.

      Fetching the resource must delay the load event of the element's node document until the task that is queued by the networking task source once the resource has been fetched (defined next) has been run.

   6. If the resource is not yet available (e.g. because the resource was not available in the cache, so that loading the resource required making a request over the network), then jump to the step below labeled fallback. The task that is queued by the networking task source once the resource is available must restart this algorithm from this step. Resources can load incrementally; user agents may opt to consider a resource "available" whenever enough data has been obtained to begin processing the resource.

   7. If the load failed (e.g. there was an HTTP 404 error, there was a DNS error), fire an event named error at the element, then jump to the step below labeled fallback.
   8. Determine the resource type, as follows:

      1. Let the resource type be unknown.

      2. If the user agent is configured to strictly obey Content-Type headers for this resource, and the resource has associated Content-Type metadata, then let the resource type be the type specified in the resource's Content-Type metadata, and jump to the step below labeled handler.

         This can introduce a vulnerability, wherein a site is trying to embed a resource that uses a particular type, but the remote site overrides that and instead furnishes the user agent with a resource that triggers a different type of content with different security characteristics.

      3. Run the appropriate set of steps from the following list:

         If the resource has associated Content-Type metadata

            1. Let binary be false.

            2. If the type specified in the resource's Content-Type metadata is "text/plain", and the result of applying the rules for distinguishing if a resource is text or binary to the resource is that the resource is not text/plain, then set binary to true.

            3. If the type specified in the resource's Content-Type metadata is "application/octet-stream", then set binary to true.

            4. If binary is false, then let the resource type be the type specified in the resource's Content-Type metadata, and jump to the step below labeled handler.

            5. If there is a type attribute present on the object element, and its value is not application/octet-stream, then run the following steps:

               1. If the attribute's value is a type that starts with "image/" that is not also an XML MIME type, then let the resource type be the type specified in that type attribute.

               2. Jump to the step below labeled handler.

         Otherwise, if the resource does not have associated Content-Type metadata

            1. If there is a type attribute present on the object element, then let the tentative type be the type specified in that type attribute. Otherwise, let tentative type be the computed type of the resource.

            2. If tentative type is not application/octet-stream, then let resource type be tentative type and jump to the step below labeled handler.

      4. If applying the URL parser algorithm to the URL of the specified resource (after any redirects) results in a URL record whose path component matches a pattern that a plugin supports, then let resource type be the type that that plugin can handle.

         For example, a plugin might say that it can handle resources with path components that end with the four character string ".swf".

      It is possible for this step to finish, or for one of the substeps above to jump straight to the next step, with resource type still being unknown. In both cases, the next step will trigger fallback.
   9. Handler: Handle the content as given by the first of the following cases that matches:

      If the resource type is not a type that starts with "image/"

         1. If the object element's content navigable is null, then create a new child navigable for the element.

         2. Let response be the response from fetch.

         3. If response's URL does not match about:blank, then navigate the element's content navigable to response's URL using the element's node document, with historyHandling set to "replace".

            The data attribute of the object element doesn't get updated if the content navigable gets further navigated to other locations.

         4. The object element represents its content navigable.

      If the resource type starts with "image/", and support for images has not been disabled

         Destroy a child navigable given the object element.

         Apply the image sniffing rules to determine the type of the image.

         The object element represents the specified image.

         If the image cannot be rendered, e.g. because it is malformed or in an unsupported format, jump to the step below labeled fallback.

      Otherwise

         The given resource type is not supported. Jump to the step below labeled fallback.

         If the previous step ended with the resource type being unknown, this is the case that is triggered.

   10. The element's contents are not part of what the object element represents.

   11. If the object element does not represent its content navigable, then once the resource is completely loaded, queue an element task on the DOM manipulation task source given the object element to fire an event named load at the element.

       If the element does represent its content navigable, then an analogous task will be queued when the created Document is completely finished loading.

   12. Return.
4. Fallback: The object element represents the element's children. This is the element's fallback content. Destroy a child navigable given the element.

Due to the algorithm above, the contents of object elements act as fallback content, used only when referenced resources can't be shown (e.g. because it returned a 404 error). This allows multiple object elements to be nested inside each other, targeting multiple user agents with different capabilities, with the user agent picking the first one it supports.
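The resource type determination and handler steps above, modelled as an added example; this is not text or code from the standard or from any browser engine. The field names contentType, typeAttr, computedType, textByRules and strictContentType are constructed stand-ins for the spec concepts they name, and the plugin path-matching step is left out.

```javascript
// Added example, not text or code from the HTML Standard: a model of the
// "Determine the resource type" and "Handler" steps of the object element
// algorithm. The input object uses constructed field names: contentType
// (the resource's Content-Type metadata, undefined when absent), typeAttr
// (the element's type attribute), computedType (the standard's "computed
// type of the resource") and textByRules (the outcome of the rules for
// distinguishing text from binary). The plugin path-matching step is omitted.
const OCTET = "application/octet-stream";

// "image/" types that are not also XML MIME types (so image/svg+xml is excluded).
function isNonXmlImageType(t) {
  return typeof t === "string" && t.startsWith("image/") && !t.endsWith("+xml");
}

// Returns the resource type, or null when it stays unknown.
function determineResourceType(r) {
  // Strict mode: the header wins outright, even over the type attribute.
  if (r.strictContentType && r.contentType !== undefined) return r.contentType;

  if (r.contentType !== undefined) {
    // The resource has associated Content-Type metadata.
    let binary = false;
    if (r.contentType === "text/plain" && r.textByRules === false) binary = true;
    if (r.contentType === OCTET) binary = true;
    if (!binary) return r.contentType;
    if (r.typeAttr !== undefined && r.typeAttr !== OCTET) {
      // Only an image/ type attribute may reinterpret a binary resource.
      return isNonXmlImageType(r.typeAttr) ? r.typeAttr : null;
    }
  } else {
    // No Content-Type metadata: trust the type attribute, else the sniffed type.
    const tentative = r.typeAttr !== undefined ? r.typeAttr : r.computedType;
    if (tentative !== undefined && tentative !== OCTET) return tentative;
  }
  return null;
}

// Which handler case the resource type selects: "navigable", "image" or "fallback".
function chooseHandler(resourceType, imagesEnabled = true) {
  if (resourceType === null) return "fallback";
  if (!resourceType.startsWith("image/")) return "navigable";
  return imagesEnabled ? "image" : "fallback";
}

// The case the note above warns about: the embedding page asked for an image,
// but the remote server's Content-Type turns the resource into a navigable document.
const override = determineResourceType({ contentType: "text/html", typeAttr: "image/png" });
console.log(override, chooseHandler(override)); // text/html navigable
```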
The object element potentially delays the load event.

The form attribute is used to explicitly associate the object element with its form owner.

The object element supports dimension attributes.
The IDL attributes data, type, and name each must reflect the respective content attributes of the same name.
The contentDocument getter steps are to return this's content document.
The contentWindow getter steps are to return this's content window.
The willValidate, validity, and validationMessage attributes, and the checkValidity(), reportValidity(), and setCustomValidity() methods, are part of the constraint validation API. The form IDL attribute is part of the element's forms API.
In this example, an HTML page is embedded in another using the object element.

  <figure>
    <object data="clock.html"></object>
    <figcaption>My HTML Clock</figcaption>
  </figure>