homan / browsersec

Automatically exported from code.google.com/p/browsersec
0 stars 0 forks source link

<object> element not considered #20

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Many of the security considerations for the <embed>, <iframe>, <img>, 
<applet> and <script> elements are also relevant to the <object> element, 
which is not discussed in this document.

Original issue reported on code.google.com by svd...@gmail.com on 17 Jul 2009 at 5:57

GoogleCodeExporter commented 9 years ago
<OBJECT> is discussed in a number of places, though explicit test results are 
indeed
given only for <EMBED> and <APPLET>, with the assumption that <OBJECT> behaves 
in a
manner similar to <EMBED>. Are you aware of any cases to the contrary? Either 
way, I
will try to clarify.

Original comment by lcam...@gmail.com on 28 Jul 2009 at 10:03