271

HTML5 defines several embedded content elements, which, from a bird's-eye view, seem to be very similar to the point of being largely identical.

What is the actual difference between iframe, embed and object?

If I want to embed an HTML file from a third-party site, which of these elements could I use, and how would they differ?

simhumileco
  • 31,877
  • 16
  • 137
  • 115
cnst
  • 25,870
  • 6
  • 90
  • 122
  • they don't really look identical at all. third party site would be an iframe. – Kai Qing May 21 '13 at 01:06
  • embed vs object subset: http://stackoverflow.com/questions/1244788/embed-vs-object, iframe vs object subset: http://stackoverflow.com/questions/924946/use-of-iframe-or-object-tag-to-embed-web-pages-in-another, embed vs object vs video: http://stackoverflow.com/questions/11199048/differences-between-the-html-tags-of-embed-object-and-video – Ciro Santilli OurBigBook.com Aug 27 '14 at 11:23
  • 2
    @KaiQing Whether they look identical or not is your opinion, obviously not shared by the OP. Oh, and by the way, it is not an answer to his question, either. – Malik A. Rumi Aug 25 '16 at 17:00
  • 2
    @Malik - that's why it's a comment. And no, looking identical is not my opinion since the definitions of each clearly outline the differences and when you would use each one. How they appear on the front end could theoretically look identical but I think the OP's context was in usage and not appearance. The comment is to illustrate that you would use an iframe for third party, as they asked. I can only assume I was too busy to write out a full answer back then. – Kai Qing Aug 25 '16 at 18:15
  • 3
    Now MDN has a detailed explanation https://developer.mozilla.org/en-US/docs/Learn/HTML/Multimedia_and_embedding/Other_embedding_technologies – ohkts11 Jun 08 '19 at 05:30

4 Answers4

179

<iframe>

The iframe element represents a nested browsing context. HTML 5 standard - "The <iframe> element"

Primarily used to include resources from other domains or subdomains but can be used to include content from the same domain as well. The <iframe>'s strength is that the embedded code is 'live' and can communicate with the parent document.

<embed>

Standardised in HTML 5, before that it was a non standard tag, which admittedly was implemented by all major browsers. Behaviour prior to HTML 5 can vary ...

The embed element provides an integration point for an external (typically non-HTML) application or interactive content. (HTML 5 standard - "The <embed> element")

Used to embed content for browser plugins. Exceptions to this is SVG and HTML that are handled differently according to the standard.

The details of what can and can not be done with the embedded content is up to the browser plugin in question. But for SVG you can access the embedded SVG document from the parent with something like:

svg = document.getElementById("parent_id").getSVGDocument();

From inside an embedded SVG or HTML document you can reach the parent with:

parent = window.parent.document;

For embedded HTML there is no way to get at the embedded document from the parent (that I have found).

<object>

The <object> element can represent an external resource, which, depending on the type of the resource, will either be treated as an image, as a nested browsing context, or as an external resource to be processed by a plugin. (HTML 5 standard - "The <object> element")

Conclusion

Unless you are embedding SVG or something static you are probably best of using <iframe>. To include SVG use <embed> (if I remember correctly <object> won't let you script†). Honestly I don't know why you would use <object> unless for older browsers or flash (that I don't work with).

† As pointed out in the comments below; scripts in <object> will run but the parent and child contexts can't communicate directly. With <embed> you can get the context of the child from the parent and vice versa. This means they you can use scripts in the parent to manipulate the child etc. That part is not possible with <object> or <iframe> where you would have to set up some other mechanism instead, such as the JavaScript postMessage API.

Community
  • 1
  • 1
Jonas Schubert Erlandsson
  • 3,910
  • 1
  • 24
  • 37
  • 5
    `embed` is ideal to get the visitor to follow a redirect chain originating at a website that blocks framing. (We use it to kick off federated login.) – Riking Jun 30 '15 at 19:46
  • 7
    Not true about "object won't let script".http://www.schepers.cc/svg/blendups/embedding.html – Dzenly Oct 02 '15 at 16:09
  • 1
    @Dzenly The scripts declared in, for example, and SVG included via `` will run, but it's not possible (or I didn't manage) to get at the context of the object from the parent page. So "internal" scripts will run, "external" scripts, from the point of view of the object, can't communicate with the objects context. – Jonas Schubert Erlandsson Nov 01 '15 at 16:22
  • is really outdated. I wouldn't use it for anything anymore. Today every major browser is able to use object for every plugin possible. If you want to use flash and define its type instead of a CLSID it will work in every browser the same way. It can even run java applets. However, I would still use iframes to embed external pages. – Bachsau Mar 12 '17 at 02:49
  • 4
    @Bachsau since this is a discussion about different options and their tradeoffs it feels wrong to just blankly say `` is the way to go. The entire point of the post is that they are all different. `` is still in the spec: https://www.w3.org/TR/html5/embedded-content-0.html#the-embed-element, so mentioning it is justified. I also find it more than a little funny that you argue that `` is outdated and mention Java applets in the next sentence :) – Jonas Schubert Erlandsson Mar 14 '17 at 09:30
36

One reason to use object over iframe is that object re-sizes the embedded content to fit the object dimensions. most notable on safari in iPhone 4s where screen width is 320px and the html from the embedded URL may set dimensions greater.

Irshad
  • 3,071
  • 5
  • 30
  • 51
ivanixdev
  • 371
  • 3
  • 2
  • 14
    Can you kindly give more details and/or references? Otherwise, this only qualifies as a comment, not as an answer. – cnst Jan 19 '16 at 17:09
6

Another reason to use object over iframe is that object sub resources (when an <object> performs HTTP requests) are considered as passive/display in terms of Mixed content, which means it's more secure when you must have Mixed content.

Mixed content means that when you have https but your resource is from http.

Reference: https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content

harunurhan
  • 1,516
  • 1
  • 17
  • 21
  • That doesn't seem to be the case based on current reading of the linked article, which lists object under both active and passive headings. Passive: "subresources (when an performs HTTP requests)" / Active: " (data attribute)" (the latter is how you load another HTTP request as per the original question. – Tim Abell Nov 09 '17 at 14:20
4

iframe have "sandbox" attribute that may block pop up etc

Mahmoud Habak
  • 41
  • 1