mdn/html/1_multimedia_and_embedding/2_from_object_to_iframe

2_from_object_to_iframe

dz / mdn / html / 1_multimedia_and_embedding / 2_from_object_to_iframe

Summary

From object To iframe

Node Tree

Nodes

frames
content Frames
children parts_of_website_individual_html (description), frameset

parts_of_website_individual_html
content Parts of website stored in individual HTML pages
parents frames

frameset
content frameset
children master_doc_frames_stored (description)
parents frames

master_doc_frames_stored
content Master document where frames are stored
parents frameset

plugin_technologies
content Plugin Technologies
children java_applets, tag_embed, tag_object, flash

java_applets
content Java Applets
parents plugin_technologies

flash
content flash
parents plugin_technologies

tag_object
content <object>
children tag_embed (less used than)
parents mdn/html/elements, plugin_technologies

tag_embed
content <embed>
parents tag_object, mdn/html/elements, plugin_technologies

iframe
content IFrame
children other_ways_to_embed_content, security, tag_iframe, embed_webpage_inside_another (description)

embed_webpage_inside_another
content Embed entire webpage inside another, as if it were <img> or such element
parents iframe

tag_iframe
content <canvas>
children sandbox, src, width_height, allow_fullscreen, border
parents iframe, mdn/html/elements

other_ways_to_embed_content
content Other ways of embedding content
children tag_canvas, tag_video
parents iframe

tag_video
content <video>
parents mdn/html/elements, other_ways_to_embed_content

tag_canvas
content <canvas>
parents mdn/html/elements, other_ways_to_embed_content

border
content border
parents tag_iframe

allow_fullscreen
content allow-fullscreen
parents tag_iframe

src
content src
parents tag_iframe

width_height
content Width/height
parents tag_iframe

sandbox
content sandbox
children use_sandbox
parents tag_iframe

security
content security
children only_embed_when_necessary, use_https, use_sandbox, CSP, click_jacking, common_target
parents iframe

click_jacking
content Click-jacking
children embed_invisible_iframe (description)
parents security

common_target
content Common target/attack vector
parents security

embed_invisible_iframe
content Embed invisible iframe and capture user interactions
parents click_jacking

only_embed_when_necessary
content Only embed when necessary
parents security

use_https
content Use HTTPS
parents security

use_sandbox
content Always use sandbox attribute
children never_add_allow_script_and_allow_same_origin
parents sandbox, security

CSP
content CSP
children set_of_http_headers, content_security_policy (acronym), x_frame_options
parents security

content_security_policy
content Content Security Policy
parents CSP

set_of_http_headers
content Set of HTTP headers, designed to improve security of HTMl document
parents CSP

never_add_allow_script_and_allow_same_origin
content Never allow both allow-script and allow-same-origin to sandbox attribute
children could_disable_sandboxing
parents use_sandbox

could_disable_sandboxing
content Embedded content could bypass the same-origin policy, and use JavaScript to disable sandboxing altogether
parents never_add_allow_script_and_allow_same_origin

x_frame_options
content x-frame-options header
parents CSP