Living Standard — Last Updated 22 November 2024
iframe
elementSupport in all current engines.
Support in all current engines.
src
— Address of the resource
srcdoc
— A document to render in the iframe
name
— Name of content navigable
sandbox
— Security rules for nested content
allow
— Permissions policy to be applied to the iframe
's contents
allowfullscreen
— Whether to allow the iframe
's contents to use requestFullscreen()
width
— Horizontal dimension
height
— Vertical dimension
referrerpolicy
— Referrer policy for fetches initiated by the element
loading
— Used when determining loading deferral
[Exposed =Window ]
interface HTMLIFrameElement : HTMLElement {
[HTMLConstructor ] constructor ();
[CEReactions ] attribute USVString src ;
[CEReactions ] attribute (TrustedHTML
or DOMString ) srcdoc ;
[CEReactions ] attribute DOMString name ;
[SameObject , PutForwards =value ] readonly attribute DOMTokenList sandbox ;
[CEReactions ] attribute DOMString allow ;
[CEReactions ] attribute boolean allowFullscreen ;
[CEReactions ] attribute DOMString width ;
[CEReactions ] attribute DOMString height ;
[CEReactions ] attribute DOMString referrerPolicy ;
[CEReactions ] attribute DOMString loading ;
readonly attribute Document ? contentDocument ;
readonly attribute WindowProxy ? contentWindow ;
Document ? getSVGDocument ();
// also has obsolete members
};
The iframe
element represents its content navigable.
The src
attribute
gives the URL of a page that the element's content navigable is to
contain. The attribute, if present, must be a valid non-empty URL potentially surrounded by
spaces. If the itemprop
attribute is specified on an
iframe
element, then the src
attribute must
also be specified.
Support in all current engines.
The srcdoc
attribute gives the content of the page that the element's content navigable is to
contain. The value of the attribute is used to construct an iframe
srcdoc
document, which is a Document
whose
URL matches about:srcdoc
.
The srcdoc
attribute, if present, must have a value
using the HTML syntax that consists of the following syntactic components, in the
given order:
html
element.The above requirements apply in XML documents as well.
Here a blog uses the srcdoc
attribute in conjunction
with the sandbox
attribute described below to provide
users of user agents that support this feature with an extra layer of protection from script
injection in the blog post comments:
< article >
< h1 > I got my own magazine!</ h1 >
< p > After much effort, I've finally found a publisher, and so now I
have my own magazine! Isn't that awesome?! The first issue will come
out in September, and we have articles about getting food, and about
getting in boxes, it's going to be great!</ p >
< footer >
< p > Written by < a href = "/users/cap" > cap</ a > , 1 hour ago.
</ footer >
< article >
< footer > Thirteen minutes ago, < a href = "/users/ch" > ch</ a > wrote: </ footer >
< iframe sandbox srcdoc = "<p>did you get a cover picture yet?" ></ iframe >
</ article >
< article >
< footer > Nine minutes ago, < a href = "/users/cap" > cap</ a > wrote: </ footer >
< iframe sandbox srcdoc = "<p>Yeah, you can see it <a href="/gallery?mode=cover&amp;page=1">in my gallery</a>." ></ iframe >
</ article >
< article >
< footer > Five minutes ago, < a href = "/users/ch" > ch</ a > wrote: </ footer >
< iframe sandbox srcdoc = "<p>hey that's earl's table.
<p>you should get earl&amp;me on the next cover." ></ iframe >
</ article >
Notice the way that quotes have to be escaped (otherwise the srcdoc
attribute would end prematurely), and the way raw
ampersands (e.g. in URLs or in prose) mentioned in the sandboxed content have to be
doubly escaped — once so that the ampersand is preserved when originally parsing
the srcdoc
attribute, and once more to prevent the
ampersand from being misinterpreted when parsing the sandboxed content.
Furthermore, notice that since the DOCTYPE is optional in
iframe
srcdoc
documents, and the html
,
head
, and body
elements have optional
start and end tags, and the title
element is also optional in iframe
srcdoc
documents, the markup in a srcdoc
attribute can be
relatively succinct despite representing an entire document, since only the contents of the
body
element need appear literally in the syntax. The other elements are still
present, but only by implication.
In the HTML syntax, authors need only remember to use U+0022
QUOTATION MARK characters (") to wrap the attribute contents and then to escape all U+0026
AMPERSAND (&) and U+0022 QUOTATION MARK (") characters, and to specify the sandbox
attribute, to ensure safe embedding of content. (And
remember to escape ampersands before quotation marks, to ensure quotation marks become "
and not &quot;.)
In XML the U+003C LESS-THAN SIGN character (<) needs to be escaped as well. In order to prevent attribute-value normalization, some of XML's whitespace characters — specifically U+0009 CHARACTER TABULATION (tab), U+000A LINE FEED (LF), and U+000D CARRIAGE RETURN (CR) — also need to be escaped. [XML]
If the src
attribute and the srcdoc
attribute are both specified together, the srcdoc
attribute takes priority. This allows authors to provide
a fallback URL for legacy user agents that do not support the srcdoc
attribute.
The iframe
HTML element insertion steps, given
insertedNode, are:
If insertedNode's shadow-including root's browsing context is null, then return.
Create a new child navigable for insertedNode.
If insertedNode has a sandbox
attribute, then parse the sandboxing
directive given the attribute's value and insertedNode's
iframe
sandboxing flag set.
Process the iframe
attributes for insertedNode, with
initialInsertion set to true.
The iframe
HTML element removing steps, given
removedNode, are to destroy a child navigable given
removedNode.
This happens without any unload
events firing
(the element's content document is destroyed, not unloaded).
Although iframe
s are processed while in a shadow tree,
per the above, several other aspects of their behavior are not well-defined with regards to
shadow trees. See issue #763 for more
detail.
Whenever an iframe
element with a non-null content navigable has its
srcdoc
attribute set, changed, or removed, the user
agent must process the iframe
attributes.
Similarly, whenever an iframe
element with a non-null content
navigable but with no srcdoc
attribute specified
has its src
attribute set, changed, or removed, the user
agent must process the iframe
attributes.
To process the iframe
attributes for an element element,
with an optional boolean initialInsertion (default false):
If element's srcdoc
attribute is
specified, then:
Set element's current navigation was lazy loaded boolean to false.
If the will lazy load element steps given element return true, then:
Set element's lazy load resumption steps to the rest of this algorithm starting with the step labeled navigate to the srcdoc resource.
Set element's current navigation was lazy loaded boolean to true.
Start intersection-observing a lazy loading element for element.
Return.
Navigate to the srcdoc resource: Navigate an iframe
or
frame
given element, about:srcdoc
, the empty
string, and the value of element's srcdoc
attribute.
The resulting Document
must be considered an iframe
srcdoc
document.
Otherwise:
Let url be the result of running the shared attribute processing steps
for iframe
and frame
elements given element and
initialInsertion.
If url is null, then return.
If url matches about:blank
and
initialInsertion is true, then:
Run the iframe load event steps given element.
Return.
Let referrerPolicy be the current state of element's referrerpolicy
content attribute.
Set element's current navigation was lazy loaded boolean to false.
If the will lazy load element steps given element return true, then:
Set element's lazy load resumption steps to the rest of this algorithm starting with the step labeled navigate.
Set element's current navigation was lazy loaded boolean to true.
Start intersection-observing a lazy loading element for element.
Return.
Navigate: Navigate an iframe
or frame
given element, url, and referrerPolicy.
The shared attribute processing steps
for iframe
and frame
elements, given an element
element and a boolean initialInsertion, are:
Let url be the URL record about:blank
.
If element has a src
attribute specified,
and its value is not the empty string, then:
Let maybeURL be the result of encoding-parsing a URL given that attribute's value, relative to element's node document.
If maybeURL is not failure, then set url to maybeURL.
If the inclusive ancestor navigables of element's node navigable contains a navigable whose active document's URL equals url with exclude fragments set to true, then return null.
If url matches about:blank
and
initialInsertion is true, then perform the URL and history update steps
given element's content navigable's active
document and url.
This is necessary in case url is something like about:blank?foo
. If url is just plain about:blank
, this will do nothing.
Return url.
To navigate an iframe
or frame
given an element
element, a URL url, a referrer policy
referrerPolicy, and an optional string-or-null srcdocString (default
null):
Let historyHandling be "auto
".
If element's content navigable's active document is not completely loaded, then set
historyHandling to "replace
".
If element is an iframe
, then set element's pending resource-timing start time to
the current high resolution time given element's
node document's relevant global object.
Navigate element's content navigable to url using element's node document, with historyHandling set to historyHandling, referrerPolicy set to referrerPolicy, and documentResource set to srcdocString.
Each Document
has an iframe load in progress flag and a mute
iframe load flag. When a Document
is created, these flags must be unset for
that Document
.
To run the iframe load event steps, given an iframe
element
element:
Assert: element's content navigable is not null.
Let childDocument be element's content navigable's active document.
If childDocument has its mute iframe load flag set, then return.
If element's pending resource-timing start time is not null, then:
Let global be element's node document's relevant global object.
Let fallbackTimingInfo be a new fetch timing info whose start time is element's pending resource-timing start time and whose response end time is the current high resolution time given global.
Mark resource timing given fallbackTimingInfo, url,
"iframe
", global, the empty string, a new
response body info, and 0.
Set element's pending resource-timing start time to null.
Set childDocument's iframe load in progress flag.
Fire an event named load
at element.
Unset childDocument's iframe load in progress flag.
This, in conjunction with scripting, can be used to probe the URL space of the local network's HTTP servers. User agents may implement cross-origin access control policies that are stricter than those described above to mitigate this attack, but unfortunately such policies are typically not compatible with existing web content.
If an element type potentially delays the load event, then for each element element of that type, the user agent must delay the load event of element's node document if element's content navigable is non-null and any of the following are true:
element's content navigable's active document is not ready for post-load tasks;
element's content navigable's is delaying load
events is true; or
anything is delaying the load event of element's content navigable's active document.
If, during the handling of the load
event,
element's content navigable is again navigated, that will further delay the load event.
Each iframe
element has an associated current navigation was lazy
loaded boolean, initially false. It is set and unset in the process the
iframe
attributes algorithm.
An iframe
element whose current navigation was lazy loaded boolean is
false potentially delays the load event.
Each iframe
element has an associated null or
DOMHighResTimeStamp
pending resource-timing start time,
initially set to null.
If, when the element is created, the srcdoc
attribute is not set, and the src
attribute is either also not set or set but its value cannot
be parsed, the element's content
navigable will remain at the initial
about:blank
Document
.
If the user navigates away from this page, the
iframe
's content navigable's active
WindowProxy
object will proxy new Window
objects for new
Document
objects, but the src
attribute will
not change.
The name
attribute, if present, must be a valid navigable target name. The given value is
used to name the element's content navigable if present when that is created.
Support in all current engines.
The sandbox
attribute, when specified, enables a set of extra restrictions on any content hosted by the
iframe
. Its value must be an unordered set of unique space-separated
tokens that are ASCII case-insensitive. The allowed values are:
allow-downloads
allow-forms
allow-modals
allow-orientation-lock
allow-pointer-lock
allow-popups
allow-popups-to-escape-sandbox
allow-presentation
allow-same-origin
allow-scripts
allow-top-navigation
allow-top-navigation-by-user-activation
allow-top-navigation-to-custom-protocols
When the attribute is set, the content is treated as being from a unique opaque origin, forms, scripts, and various potentially
annoying APIs are disabled, and links are prevented from targeting other navigables. The allow-same-origin
keyword causes the
content to be treated as being from its real origin instead of forcing it into an opaque origin; the allow-top-navigation
keyword allows the
content to navigate its traversable navigable;
the allow-top-navigation-by-user-activation
keyword behaves similarly but allows such navigation only when the
browsing context's active window has transient
activation; the allow-top-navigation-to-custom-protocols
reenables navigations toward non fetch scheme to be handed off to external software; and the allow-forms
, allow-modals
, allow-orientation-lock
, allow-pointer-lock
, allow-popups
, allow-presentation
, allow-scripts
, and allow-popups-to-escape-sandbox
keywords re-enable forms, modal dialogs, screen orientation lock, the pointer lock API, popups,
the presentation API, scripts, and the creation of unsandboxed auxiliary browsing contexts respectively. The allow-downloads
keyword allows content to
perform downloads. [POINTERLOCK] [SCREENORIENTATION] [PRESENTATION]
The allow-top-navigation
and allow-top-navigation-by-user-activation
keywords must not both be specified, as doing so is redundant; only allow-top-navigation
will have an effect
in such non-conformant markup.
Similarly, the allow-top-navigation-to-custom-protocols
keyword must not be specified if either allow-top-navigation
or allow-popups
are specified, as doing so is
redundant.
To allow alert()
, confirm()
, and prompt()
inside
sandboxed content, both the allow-modals
and allow-same-origin
keywords need to
be specified, and the loaded URL needs to be same origin with the top-level
origin. Without the allow-same-origin
keyword, the content is
always treated as cross-origin, and cross-origin content cannot show simple
dialogs.
Setting both the allow-scripts
and allow-same-origin
keywords together when the
embedded page has the same origin as the page containing the iframe
allows the embedded page to simply remove the sandbox
attribute and then reload itself, effectively breaking out of the sandbox altogether.
These flags only take effect when the content navigable of the
iframe
element is navigated. Removing them, or
removing the entire sandbox
attribute, has no effect on
an already-loaded page.
Potentially hostile files should not be served from the same server as the file
containing the iframe
element. Sandboxing hostile content is of minimal help if an
attacker can convince the user to just visit the hostile content directly, rather than in the
iframe
. To limit the damage that can be caused by hostile HTML content, it should be
served from a separate dedicated domain. Using a different domain ensures that scripts in the
files are unable to attack the site, even if the user is tricked into visiting those pages
directly, without the protection of the sandbox
attribute.
When an iframe
element's sandbox
attribute is set or changed while it has a non-null content navigable, the user
agent must parse the sandboxing directive
given the attribute's value and the iframe
element's iframe
sandboxing flag set.
When an iframe
element's sandbox
attribute is removed while it has a non-null content navigable, the user agent must
empty the iframe
element's iframe
sandboxing flag set.
In this example, some completely-unknown, potentially hostile, user-provided HTML content is embedded in a page. Because it is served from a separate domain, it is affected by all the normal cross-site restrictions. In addition, the embedded page has scripting disabled, plugins disabled, forms disabled, and it cannot navigate any frames or windows other than itself (or any frames or windows it itself embeds).
< p > We're not scared of you! Here is your content, unedited:</ p >
< iframe sandbox src = "https://usercontent.example.net/getusercontent.cgi?id=12193" ></ iframe >
It is important to use a separate domain so that if the attacker convinces the user to visit that page directly, the page doesn't run in the context of the site's origin, which would make the user vulnerable to any attack found in the page.
In this example, a gadget from another site is embedded. The gadget has scripting and forms enabled, and the origin sandbox restrictions are lifted, allowing the gadget to communicate with its originating server. The sandbox is still useful, however, as it disables plugins and popups, thus reducing the risk of the user being exposed to malware and other annoyances.
< iframe sandbox = "allow-same-origin allow-forms allow-scripts"
src = "https://maps.example.com/embedded.html" ></ iframe >
Suppose a file A contained the following fragment:
< iframe sandbox = "allow-same-origin allow-forms" src = B ></ iframe >
Suppose that file B contained an iframe also:
< iframe sandbox = "allow-scripts" src = C ></ iframe >
Further, suppose that file C contained a link:
< a href = D > Link</ a >
For this example, suppose all the files were served as text/html
.
Page C in this scenario has all the sandboxing flags set. Scripts are disabled, because the
iframe
in A has scripts disabled, and this overrides the allow-scripts
keyword set on the
iframe
in B. Forms are also disabled, because the inner iframe
(in B)
does not have the allow-forms
keyword
set.
Suppose now that a script in A removes all the sandbox
attributes in A and B.
This would change nothing immediately. If the user clicked the link in C, loading page D into
the iframe
in B, page D would now act as if the iframe
in B had the
allow-same-origin
and allow-forms
keywords set, because that was the
state of the content navigable in the iframe
in A when page B was
loaded.
Generally speaking, dynamically removing or changing the sandbox
attribute is ill-advised, because it can make it quite
hard to reason about what will be allowed and what will not.
The allow
attribute, when specified, determines the container
policy that will be used when the permissions policy for a
Document
in the iframe
's content navigable is initialized.
Its value must be a serialized permissions
policy. [PERMISSIONSPOLICY]
In this example, an iframe
is used to embed a map from an online navigation
service. The allow
attribute is used to enable the
Geolocation API within the nested context.
< iframe src = "https://maps.example.com/" allow = "geolocation" ></ iframe >
The allowfullscreen
attribute is a boolean
attribute. When specified, it indicates that Document
objects in the
iframe
element's content navigable will be initialized with a permissions policy which allows the "fullscreen
" feature to be used from any origin. This is enforced by
the process permissions policy
attributes algorithm. [PERMISSIONSPOLICY]
Here, an iframe
is used to embed a player from a video site. The allowfullscreen
attribute is needed to enable the
player to show its video fullscreen.
< article >
< header >
< p >< img src = "/usericons/1627591962735" > < b > Fred Flintstone</ b ></ p >
< p >< a href = "/posts/3095182851" rel = bookmark > 12:44</ a > — < a href = "#acl-3095182851" > Private Post</ a ></ p >
</ header >
< p > Check out my new ride!</ p >
< iframe src = "https://video.example.com/embed?id=92469812" allowfullscreen ></ iframe >
</ article >
Neither allow
nor allowfullscreen
can grant access to a feature in an
iframe
element's content navigable if the element's node
document is not already allowed to use that feature.
To determine whether a Document
object document
is allowed to use the policy-controlled-feature feature, run these
steps:
If document's browsing context is null, then return false.
If document is not fully active, then return false.
If the result of running is feature enabled in document
for origin on feature, document, and document's origin is "Enabled
", then return
true.
Return false.
Because they only influence the permissions policy of the content
navigable's active document, the allow
and allowfullscreen
attributes only take effect when the
content navigable of the iframe
is navigated. Adding or removing them has no effect on an already-loaded
document.
The iframe
element supports dimension attributes for cases where the
embedded content has specific dimensions (e.g. ad units have well-defined dimensions).
An iframe
element never has fallback content, as it will always
create a new child navigable, regardless of whether the specified initial
contents are successfully used.
The referrerpolicy
attribute is a
referrer policy attribute. Its purpose is to set the referrer policy
used when processing the iframe
attributes. [REFERRERPOLICY]
The loading
attribute is a lazy
loading attribute. Its purpose is to indicate the policy for loading iframe
elements that are outside the viewport.
When the loading
attribute's state is changed to the
Eager state, the user agent must run these
steps:
Let resumptionSteps be the iframe
element's lazy load
resumption steps.
If resumptionSteps is null, then return.
Set the iframe
's lazy load resumption steps to null.
Invoke resumptionSteps.
Descendants of iframe
elements represent nothing. (In legacy user agents that do
not support iframe
elements, the contents would be parsed as markup that could act as
fallback content.)
The HTML parser treats markup inside iframe
elements as
text.
Support in all current engines.
The IDL attributes src
, name
, sandbox
, and allow
must
reflect the respective content attributes of the same name.
Support in all current engines.
The srcdoc
getter steps are:
Let attribute be the result of running get an attribute by namespace and local
name given null, srcdoc
's local name, and this.
If attribute is null, then return the empty string.
Return attribute's value.
The srcdoc
setter steps
are:
Let compliantString be the result of invoking the Get Trusted Type compliant string algorithm with TrustedHTML
, this's relevant global
object, the given value, "HTMLIFrameElement srcdoc
", and "script
".
Set an attribute value given
this, srcdoc
's local name, and
compliantString.
The supported tokens for sandbox
's DOMTokenList
are the allowed
values defined in the sandbox
attribute and supported by
the user agent.
The allowFullscreen
IDL attribute must
reflect the allowfullscreen
content
attribute.
HTMLIFrameElement/referrerPolicy
Support in all current engines.
The referrerPolicy
IDL attribute must
reflect the referrerpolicy
content
attribute, limited to only known values.
The loading
IDL attribute must reflect the loading
content attribute, limited to only known
values.
HTMLIFrameElement/contentDocument
Support in all current engines.
The contentDocument
getter steps are to return the
this's content document.
HTMLIFrameElement/contentWindow
Support in all current engines.
The contentWindow
getter steps are to return
this's content window.
Here is an example of a page using an iframe
to include advertising from an
advertising broker:
< iframe src = "https://ads.example.com/?customerid=923513721&format=banner"
width = "468" height = "60" ></ iframe >
embed
elementSupport in all current engines.
Support in all current engines.
src
— Address of the resource
type
— Type of embedded resource
width
— Horizontal dimension
height
— Vertical dimension
[Exposed =Window ]
interface HTMLEmbedElement : HTMLElement {
[HTMLConstructor ] constructor ();
[CEReactions ] attribute USVString src ;
[CEReactions ] attribute DOMString type ;
[CEReactions ] attribute DOMString width ;
[CEReactions ] attribute DOMString height ;
Document ? getSVGDocument ();
// also has obsolete members
};
The embed
element provides an integration point for an external application or
interactive content.
The src
attribute
gives the URL of the resource being embedded. The attribute, if present, must contain
a valid non-empty URL potentially surrounded by spaces.
If the itemprop
attribute is specified on an
embed
element, then the src
attribute must also
be specified.
The type
attribute,
if present, gives the MIME type by which the plugin to instantiate is selected. The
value must be a valid MIME type string. If both the type
attribute and the src
attribute are present, then the type
attribute must specify
the same type as the explicit Content-Type metadata of the
resource given by the src
attribute.
While any of the following conditions are occurring, any plugin instantiated for
the element must be removed, and the embed
element represents
nothing:
The element has neither a src
attribute nor a type
attribute.
The element has a media element ancestor.
The element has an ancestor object
element that is not showing its
fallback content.
An embed
element is said to be potentially
active when the following conditions are all met simultaneously:
The element is in a document or was in a document the last time the event loop reached step 1.
The element's node document is fully active.
The element has either a src
attribute set or a
type
attribute set (or both).
The element's src
attribute is either absent or its
value is not the empty string.
The element is not a descendant of a media element.
The element is not a descendant of an object
element that is not showing its
fallback content.
The element is being rendered, or was being rendered the last time the event loop reached step 1.
Whenever an embed
element that was not potentially active becomes potentially active, and whenever a potentially active embed
element that is
remaining potentially active and has its src
attribute set, changed, or removed or its type
attribute set, changed, or removed, the user agent must
queue an element task on the embed task source given the element
to run the embed
element setup steps for that element.
The embed
element setup steps for a given embed
element
element are as follows:
If another task has since been queued to run the
embed
element setup steps for element, then return.
If element has a src
attribute set, then:
Let url be the result of encoding-parsing a URL given
element's src
attribute's value, relative to
element's node document.
If url is failure, then return.
Let request be a new request whose
URL is url, client is element's node
document's relevant settings object, destination is "embed
",
credentials mode is "include
", mode is "navigate
", initiator
type is "embed
", and whose use-URL-credentials flag
is set.
Fetch request, with processResponse set to the following steps given response response:
If another task has since been queued to run
the embed
element setup steps for element, then
return.
If response is a network error, then fire an event named load
at element, and return.
Let type be the result of determining the type of content given element and response.
Switch on type:
Display no plugin for element.
If element's content navigable is null, then create a new child navigable for element.
Navigate element's content
navigable to response's URL using element's node
document, with response set to
response, and historyHandling set to "replace
".
element's src
attribute
does not get updated if the content navigable gets further navigated to
other locations.
element now represents its content navigable.
Fetching the resource must delay the load event of element's node document.
Otherwise, display no plugin for element.
To determine the type of the content given an
embed
element element and a response response, run the following steps:
If element has a type
attribute, and that
attribute's value is a type that a plugin supports, then return the value of the
type
attribute.
If the path component of response's url matches a pattern that a plugin supports, then return the type that that plugin can handle.
For example, a plugin might say that it can handle URLs with path components that end with the four character string
".swf
".
If response has explicit Content-Type metadata, and that value is a type that a plugin supports, then return that value.
Return null.
It is intentional that the above algorithm allows response to have a non-ok status. This allows servers to return data for plugins even with error responses (e.g., HTTP 500 Internal Server Error codes can still contain plugin data).
To display no plugin for an embed
element element:
Destroy a child navigable given element.
Display an indication that no plugin could be found for element, as the contents of element.
element now represents nothing.
The embed
element has no fallback content; its
descendants are ignored.
Whenever an embed
element that was potentially
active stops being potentially active, any
plugin that had been instantiated for that element must be unloaded.
The embed
element potentially delays the load event.
The embed
element supports dimension attributes.
The IDL attributes src
and type
each must reflect the respective content
attributes of the same name.
object
elementSupport in all current engines.
Support in all current engines.
data
— Address of the resource
type
— Type of embedded resource
name
— Name of content navigable
form
— Associates the element with a form
element
width
— Horizontal dimension
height
— Vertical dimension
[Exposed =Window ]
interface HTMLObjectElement : HTMLElement {
[HTMLConstructor ] constructor ();
[CEReactions ] attribute USVString data ;
[CEReactions ] attribute DOMString type ;
[CEReactions ] attribute DOMString name ;
readonly attribute HTMLFormElement ? form ;
[CEReactions ] attribute DOMString width ;
[CEReactions ] attribute DOMString height ;
readonly attribute Document ? contentDocument ;
readonly attribute WindowProxy ? contentWindow ;
Document ? getSVGDocument ();
readonly attribute boolean willValidate ;
readonly attribute ValidityState validity ;
readonly attribute DOMString validationMessage ;
boolean checkValidity ();
boolean reportValidity ();
undefined setCustomValidity (DOMString error );
// also has obsolete members
};
Depending on the type of content instantiated by the
object
element, the node also supports other
interfaces.
The object
element can represent an external resource, which, depending on the
type of the resource, will either be treated as an image or as a child
navigable.
The data
attribute
specifies the URL of the resource. It must be present, and must contain a
valid non-empty URL potentially surrounded by spaces.
The type
attribute,
if present, specifies the type of the resource. If present, the attribute must be a valid
MIME type string.
The name
attribute, if present, must be a valid navigable target name. The given value is
used to name the element's content navigable, if applicable, and if present when the
element's content navigable is created.
Whenever one of the following conditions occur:
object
elements changes to or from showing its
fallback content,
classid
attribute is set, changed, or
removed,
classid
attribute is not present, and
its data
attribute is set, changed, or removed,
classid
attribute nor its
data
attribute are present, and its type
attribute is set, changed, or removed,
...the user agent must queue an element task on the DOM manipulation task
source given the object
element to run the following steps to (re)determine
what the object
element represents. This task
being queued or actively running must delay the load
event of the element's node document.
If the user has indicated a preference that this object
element's fallback
content be shown instead of the element's usual behavior, then jump to the step below
labeled fallback.
For example, a user could ask for the element's fallback content to be shown because that content uses a format that the user finds more accessible.
If the element has an ancestor media element, or has an ancestor
object
element that is not showing its fallback content, or if
the element is not in a document whose browsing
context is non-null, or if the element's node document is not fully
active, or if the element is still in the stack of open elements of an
HTML parser or XML parser, or if the element is not being
rendered, then jump to the step below labeled fallback.
If the data
attribute is present and its value is
not the empty string, then:
If the type
attribute is present and its value is
not a type that the user agent supports, then the user agent may jump to the step below labeled
fallback without fetching the content to examine its real type.
Let url be the result of encoding-parsing a URL given the data
attribute's value, relative to the element's node
document.
If url is failure, then fire an
event named error
at the element and jump to the step
below labeled fallback.
Let request be a new request whose
URL is url, client is the element's node document's
relevant settings object, destination is "object
",
credentials mode is "include
", mode is "navigate
", initiator
type is "object
", and whose use-URL-credentials
flag is set.
Fetch request.
Fetching the resource must delay the load event of the element's node document until the task that is queued by the networking task source once the resource has been fetched (defined next) has been run.
If the resource is not yet available (e.g. because the resource was not available in the cache, so that loading the resource required making a request over the network), then jump to the step below labeled fallback. The task that is queued by the networking task source once the resource is available must restart this algorithm from this step. Resources can load incrementally; user agents may opt to consider a resource "available" whenever enough data has been obtained to begin processing the resource.
If the load failed (e.g. there was an HTTP 404 error, there was a DNS error), fire an event named error
at the element, then jump to the step below labeled fallback.
Determine the resource type, as follows:
Let the resource type be unknown.
If the user agent is configured to strictly obey Content-Type headers for this resource, and the resource has associated Content-Type metadata, then let the resource type be the type specified in the resource's Content-Type metadata, and jump to the step below labeled handler.
This can introduce a vulnerability, wherein a site is trying to embed a resource that uses a particular type, but the remote site overrides that and instead furnishes the user agent with a resource that triggers a different type of content with different security characteristics.
Run the appropriate set of steps from the following list:
Let binary be false.
If the type specified in the resource's Content-Type
metadata is "text/plain
", and the result of applying the rules for distinguishing if a resource is
text or binary to the resource is that the resource is not
text/plain
, then set binary to true.
If the type specified in the resource's Content-Type
metadata is "application/octet-stream
", then set binary to true.
If binary is false, then let the resource type be the type specified in the resource's Content-Type metadata, and jump to the step below labeled handler.
If there is a type
attribute present on the
object
element, and its value is not application/octet-stream
,
then run the following steps:
If the attribute's value is a type that starts with "image/
" that is
not also an XML MIME type, then let the resource type be the
type specified in that type
attribute.
Jump to the step below labeled handler.
If there is a type
attribute present on the
object
element, then let the tentative type be the type
specified in that type
attribute.
Otherwise, let tentative type be the computed type of the resource.
If tentative type is not
application/octet-stream
, then let resource type be
tentative type and jump to the step below labeled
handler.
If applying the URL parser algorithm to the URL of the specified resource (after any redirects) results in a URL record whose path component matches a pattern that a plugin supports, then let resource type be the type that that plugin can handle.
For example, a plugin might say that it can handle resources with path components that end with the four character string
".swf
".
It is possible for this step to finish, or for one of the substeps above to jump straight to the next step, with resource type still being unknown. In both cases, the next step will trigger fallback.
Handler: Handle the content as given by the first of the following cases that matches:
image/
"If the object
element's content navigable is null, then
create a new child navigable for the element.
Let response be the response from fetch.
If response's URL does not match about:blank
, then
navigate the element's content navigable to
response's URL using the element's
node document, with historyHandling set to
"replace
".
The data
attribute of the
object
element doesn't get updated if the content navigable gets
further navigated to other locations.
The object
element represents its content
navigable.
image/
", and support
for images has not been disabledDestroy a child navigable given the object
element.
Apply the image sniffing rules to determine the type of the image.
The object
element represents the specified image.
If the image cannot be rendered, e.g. because it is malformed or in an unsupported format, jump to the step below labeled fallback.
The given resource type is not supported. Jump to the step below labeled fallback.
If the previous step ended with the resource type being unknown, this is the case that is triggered.
The element's contents are not part of what the object
element
represents.
If the object
element does not represent its content navigable,
then once the resource is completely loaded, queue an element task on the
DOM manipulation task source given the object
element to fire an event named load
at the element.
If the element does represent its content navigable,
then an analogous task will be queued when the created Document
is completely finished loading.
Return.
Fallback: The object
element represents the element's
children. This is the element's fallback content. Destroy a child
navigable given the element.
Due to the algorithm above, the contents of object
elements act as fallback
content, used only when referenced resources can't be shown (e.g. because it returned a 404
error). This allows multiple object
elements to be nested inside each other,
targeting multiple user agents with different capabilities, with the user agent picking the first
one it supports.
The object
element potentially delays the load event.
The form
attribute is used to explicitly associate the
object
element with its form owner.
The object
element supports dimension attributes.
Support in all current engines.
Support in all current engines.
Support in all current engines.
The IDL attributes data
, type
, and name
each must reflect the respective content
attributes of the same name.
HTMLObjectElement/contentDocument
Support in all current engines.
The contentDocument
getter steps are to return
this's content document.
HTMLObjectElement/contentWindow
Support in all current engines.
The contentWindow
getter steps are to return
this's content window.
The willValidate
, validity
, and validationMessage
attributes, and the checkValidity()
, reportValidity()
, and setCustomValidity()
methods, are part of the
constraint validation API. The form
IDL attribute
is part of the element's forms API.
In this example, an HTML page is embedded in another using the object
element.
< figure >
< object data = "clock.html" ></ object >
< figcaption > My HTML Clock</ figcaption >
</ figure >