difference between iframe, embed and object elements
Solution 1
<iframe>
The iframe element represents a nested browsing context. HTML 5 standard - "The
<iframe>element"
Primarily used to include resources from other domains or subdomains but can be used to include content from the same domain as well. The <iframe>'s strength is that the embedded code is 'live' and can communicate with the parent document.
<embed>
Standardised in HTML 5, before that it was a non standard tag, which admittedly was implemented by all major browsers. Behaviour prior to HTML 5 can vary ...
The embed element provides an integration point for an external (typically non-HTML) application or interactive content. (HTML 5 standard - "The
<embed>element")
Used to embed content for browser plugins. Exceptions to this is SVG and HTML that are handled differently according to the standard.
The details of what can and can not be done with the embedded content is up to the browser plugin in question. But for SVG you can access the embedded SVG document from the parent with something like:
svg = document.getElementById("parent_id").getSVGDocument();
From inside an embedded SVG or HTML document you can reach the parent with:
parent = window.parent.document;
For embedded HTML there is no way to get at the embedded document from the parent (that I have found).
<object>
The
<object>element can represent an external resource, which, depending on the type of the resource, will either be treated as an image, as a nested browsing context, or as an external resource to be processed by a plugin. (HTML 5 standard - "The<object>element")
Conclusion
Unless you are embedding SVG or something static you are probably best of using <iframe>. To include SVG use <embed> (if I remember correctly <object> won't let you script†). Honestly I don't know why you would use <object> unless for older browsers or flash (that I don't work with).
† As pointed out in the comments below; scripts in <object> will run but the parent and child contexts can't communicate directly. With <embed> you can get the context of the child from the parent and vice versa. This means they you can use scripts in the parent to manipulate the child etc. That part is not possible with <object> or <iframe> where you would have to set up some other mechanism instead, such as the JavaScript postMessage API.
Solution 2
One reason to use object over iframe is that object re-sizes the embedded content to fit the object dimensions. most notable on safari in iPhone 4s where screen width is 320px and the html from the embedded URL may set dimensions greater.
Solution 3
Another reason to use object over iframe is that object sub resources (when an <object> performs HTTP requests) are considered as passive/display in terms of Mixed content, which means it's more secure when you must have Mixed content.
Mixed content means that when you have https but your resource is from http.
Reference: https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content
Solution 4
iframe have "sandbox" attribute that may block pop up etc
Related videos on Youtube
08 : 15
13 : 07
03 : 56
40 : 38
09 : 03
11 : 11
cnst
Completed: mdoc.su — short manual page URLs, a deterministic URL shorterer, written wholly in nginx.conf aibs(4) in OpenBSD, DragonFly, NetBSD and FreeBSD WIP: ports.su — OpenBSD's ports-readmes based on sqlports bmap.su — 100Mbps residential broadband under 100$/mo BXR.SU — Super User's BSD Cross Reference (publicly private beta over IPv6) ngx.su — grok nginx
Updated on October 19, 2020Comments
-
cnst over 3 years
HTML5 defines several embedded content elements, which, from a bird's-eye view, seem to be very similar to the point of being largely identical.
What is the actual difference between
iframe,embedandobject?If I want to embed an HTML file from a third-party site, which of these elements could I use, and how would they differ?
-
Riking almost 9 years
embedis ideal to get the visitor to follow a redirect chain originating at a website that blocks framing. (We use it to kick off federated login.) -
Dzenly over 8 yearsNot true about "object won't let script".schepers.cc/svg/blendups/embedding.html -
Jonas Schubert Erlandsson over 8 years@Dzenly The scripts declared in, for example, and SVG included via
<object>will run, but it's not possible (or I didn't manage) to get at the context of the object from the parent page. So "internal" scripts will run, "external" scripts, from the point of view of the object, can't communicate with the objects context. -
cnst about 8 yearsCan you kindly give more details and/or references? Otherwise, this only qualifies as a comment, not as an answer.
-
Malik A. Rumi over 7 yearsyea, but it is a helpful comment
-
Bachsau about 7 years<embed> is really outdated. I wouldn't use it for anything anymore. Today every major browser is able to use object for every plugin possible. If you want to use flash and define its type instead of a CLSID it will work in every browser the same way. It can even run java applets. However, I would still use iframes to embed external pages. -
Jonas Schubert Erlandsson about 7 years@Bachsau since this is a discussion about different options and their tradeoffs it feels wrong to just blankly say
<iframe />is the way to go. The entire point of the post is that they are all different.<embed>is still in the spec: w3.org/TR/html5/embedded-content-0.html#the-embed-element, so mentioning it is justified. I also find it more than a little funny that you argue that<embed>is outdated and mention Java applets in the next sentence :) -
Matt over 6 yearsThat doesn't seem to be the case based on current reading of the linked article, which lists object under both active and passive headings. Passive: "subresources (when an <object> performs HTTP requests)" / Active: "<object> (data attribute)" (the latter is how you load another HTTP request as per the original question.
-
Sid about 6 yearsThis was my use case, definitely a good helpful comment.thanks. -
djvg almost 6 yearsiFrame + iPhone = iHeadache
