Client-side includes

• To: www-security@ns2.rutgers.edu
• Subject: Client-side includes
• From: liberte@ncsa.uiuc.edu (Daniel LaLiberte)
• Date: Fri, 16 Aug 96 16:59:29 CDT

I'm wondering why there is no way to include HTML documents within
HTML documents.  But I am not asking the HTML question here.

One reason I've heard for the lack of this feature is security.  This
is easily refuted because of a couple features that would have just as
many security problems, if any.  Specifically: inline images and
frames.  Both can reference any document that the browser fetches
automatically when it fetches a document containing the reference.
Fetching a document might cause side effects that are not intended
by the user, but we know who to blame if such things occur.

So are there other security issues I am not aware of?

I can see potential intellectual properly issues, also true of images
and frames, and not related to security.  Let's stick to the security
question here.

Thanks for any insights.

--
Daniel LaLiberte (liberte@ncsa.uiuc.edu)
National Center for Supercomputing Applications
http://union.ncsa.uiuc.edu/~liberte/

• Previous: DOS and Macro Virus Discussion
• Next: Re: ActiveX security hole reported.
• Index(es):
  • Index
  • Thread