[2662] in WWW Security List Archive
Client-side includes
daemon@ATHENA.MIT.EDU (Daniel LaLiberte)
Fri Aug 16 19:49:14 1996
Date: Fri, 16 Aug 96 16:59:29 CDT
From: liberte@ncsa.uiuc.edu (Daniel LaLiberte)
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
I'm wondering why there is no way to include HTML documents within
HTML documents. But I am not asking the HTML question here.
One reason I've heard for the lack of this feature is security. This
is easily refuted because of a couple features that would have just as
many security problems, if any. Specifically: inline images and
frames. Both can reference any document that the browser fetches
automatically when it fetches a document containing the reference.
Fetching a document might cause side effects that are not intended
by the user, but we know who to blame if such things occur.
So are there other security issues I am not aware of?
I can see potential intellectual properly issues, also true of images
and frames, and not related to security. Let's stick to the security
question here.
Thanks for any insights.
--
Daniel LaLiberte (liberte@ncsa.uiuc.edu)
National Center for Supercomputing Applications
http://union.ncsa.uiuc.edu/~liberte/
