and <object> are both blank, but only in Firefox</a></h1> </div> <div class="grid fw-wrap pb8 mb16 bb bc-black-075"> <div class="grid--cell ws-nowrap mr16 mb8" title="2016-01-12 19:07:53Z"> <span class="fc-light mr2">Asked</span> <time itemprop="dateCreated" datetime="2017-04-20T21:02:59.973" class="fromnow">Apr 20 '17 at 21:02</time> </div> <div class="grid--cell ws-nowrap mr16 mb8"> <span class="fc-light mr2">Active</span> <time class="fromnow" title="2019-04-25T09:53:39.517" datetime="2019-04-25T09:53:39.517">Apr 25 '19 at 09:53</a> </div> <div class="grid--cell ws-nowrap mb8" title="Viewed 4,380 times"> <span class="fc-light mr2">Viewed</span> 4,380 times </div> </div> <div id="mainbar" role="main" aria-label="questions and answers"> <div id="question" class="question" data-questionid="43529860" data-ownerid="2449905" data-score="11"> <div class="post-layout"> <div class="votecell post-layout--left"> <div class="js-voting-container grid jc-center fd-column ai-stretch gs4 fc-black-200" data-post-id="43529860"> <button class="js-vote-up-btn grid--cell s-btn s-btnunset c-pointer"><svg aria-hidden="true" class="m0 svg-icon iconArrowUpLg" width="36" height="36" viewBox="0 0 36 36"><path d="M2 26h32L18 10 2 26z"></path></svg></button> <div class="js-vote-count grid--cell fc-black-500 fs-title grid fd-column ai-center" itemprop="upvoteCount" data-value="11">11</div> <button class="js-bookmark-btn s-btn s-btnunset c-pointer py4"> <svg aria-hidden="true" class="svg-icon iconBookmark" width="18" height="18" viewBox="0 0 18 18"><path d="M6 1a2 2 0 00-2 2v14l5-4 5 4V3a2 2 0 00-2-2H6zm3.9 3.83h2.9l-2.35 1.7.9 2.77L9 7.59l-2.35 1.7.9-2.76-2.35-1.7h2.9L9 2.06l.9 2.77z"></path></svg> <div class="js-bookmark-count mt4" data-value="0">0</div> </button> </div> </div> <div class="postcell post-layout--right"> <div class="s-prose js-post-body" itemprop="text"><p>I am attempting to embed one site into another site. I control both servers, which I will refer to here as "site1.com" (the site in the browser) and "site2.com" (the site I am trying to embed).</p> <h2>HTML embed code</h2> <p>Attempt 1, using iframe tag:</p> <pre class="lang-html prettyprint-override"><code><iframe height="600" width="600" name="my other site" src="https://site2.com/foo/bar"> Unable to display--your browser does not support frames. </iframe> </code></pre> <p>Attempt 2, using object tag:</p> <pre class="lang-html prettyprint-override"><code><object type="text/html" height="600" width="600" name="my other site" data="https://site2.com/foo/bar"></object> </code></pre> <h2>Things I know are not the problem</h2> <h3>Secure/insecure mismatch</h3> <p>I've read that Firefox will not allow an HTTP embed into an HTTPS page. Both sites are HTTPS, so there is no mismatch. The loaded resources (CSS, etc) are also https, from same origin, so there is no mixed-content problem.</p> <p>I have tried setting <code>security.mixed_content.block_active_content</code> to <code>false</code>, in case I was mistaken about this, but the iframe was still blank.</p> <h3>Invalid or untrusted certificates</h3> <p>Both sites are using valid certificates, signed by a proper trusted authority, and are not expired. In fact, we are using a subdomain wildcard certificate, so they are both using the same certificate (they both are in the same subdomain).</p> <h3>X-Frame-Options</h3> <p>The site that I am trying to embed has this response header:</p> <pre class="lang-none prettyprint-override"><code>X-Frame-Options: ALLOW-FROM SITE1.COM </code></pre> <h3>Content-Security-Policy</h3> <p>The site that I am trying to embed has this response header (wrapped here for readability):</p> <pre class="lang-none prettyprint-override"><code>Content-Security-Policy: frame-ancestors https://site1.com; default-src 'self'; script-src https://site1.com 'self' 'unsafe-inline'; style-src https://site1.com 'self' 'unsafe-inline' </code></pre> <p>Extra disclosure, possibly not needed - these headers are being generated by a Django application server, using this config and the "django-csp" module.</p> <pre class="lang-python prettyprint-override"><code>X_FRAME_OPTIONS = 'Allow-From site1.com' CSP_FRAME_ANCESTORS = ('https://site1.com',) CSP_STYLE_SRC = ('https://site1.com', "'self'", "'unsafe-inline'") CSP_SCRIPT_SRC = ('https://site1.com', "'self'", "'unsafe-inline'") </code></pre> <h3>CORS</h3> <p>My understanding is that CORS is only in play when the request contains an "Origin" header. That doesn't seem to be happening here. I have also tried addressing CORS by using this header:</p> <pre class="lang-none prettyprint-override"><code>Access-Control-Allow-Origin: https://site1.com </code></pre> <p>But that appears to have no effect.</p> <h3>Ad blocker</h3> <p>I do not have an ad blocker in this Firefox install. I also removed <em>all</em> of my extensions and re-tested after a Firefox restart, the "blank iframe" behavior remains the same with no extensions installed at all.</p> <h2>Observed behavior</h2> <p>I have tested using the following browsers.</p> <ul> <li>Google Chrome 58.0.3029.81 (64-bit) (macOS)</li> <li>Safari 10.1 (macOS)</li> <li>Firefox 53.0 (64-bit) (macOS)</li> <li>Microsoft Edge 38.14393.0.0 (Windows 10)</li> </ul> <p>Using Chrome, Safari, and Edge, the frame is shown like I expect - site2.com appears as a box inside of the site1.com page.</p> <p>Using Firefox, I am shown an empty space of the size specified (600x600). If I used iframe, then there is a black border around it. If I used object, it's just a blank area with no border.</p> <p>The most interesting thing is that if I open the developer console and reload the page, I see the requests to fetch site1.com and its CSS and so on, but there are <em>no requests made</em> for site2.com. It isn't that there is a problem showing site2.com, it is never requested at all.</p> <p>Also, the developer console shows no errors or warnings about this. If there were an error condition or security exception preventing the loading of the second site, I would expect some sort of warning to be logged.</p> <p>This has been driving me crazy for a few days. Any suggestions appreciated.</p></div> <div class="mt24 mb12"> <div class="post-taglist grid gs4 gsy fd-column"> <div class="grid ps-relative"> <a href="../../questions/tagged/html" class="post-tag js-gps-track" title="show questions tagged 'html'" rel="tag">html</a> <a href="../../questions/tagged/http" class="post-tag js-gps-track" title="show questions tagged 'http'" rel="tag">http</a> <a href="../../questions/tagged/firefox" class="post-tag js-gps-track" title="show questions tagged 'firefox'" rel="tag">firefox</a> <a href="../../questions/tagged/nginx" class="post-tag js-gps-track" title="show questions tagged 'nginx'" rel="tag">nginx</a> <a href="../../questions/tagged/iframe" class="post-tag js-gps-track" title="show questions tagged 'iframe'" rel="tag">iframe</a> </div> </div> </div> <div class="mb0"> <div class="mt16 grid gs8 gsy fw-wrap jc-end ai-start pt4 mb16"> <div class="grid--cell mr16 fl1 w96"></div> <div class="post-signature grid--cell"> <div class="user-info "> <div class="user-action-time">edited <span title="2017-05-12T16:25:24.020" class="relativetime">May 12 '17 at 16:25</span></div> <div class="user-gravatar32"></div> <div class="user-details" itemprop="author" itemscope="" itemtype="http://schema.org/Person"> <span class="d-none" itemprop="name">Dan Lowe</span> <div class="-flair"></div> </div> </div> </div> <div class="post-signature owner grid--cell"> <div class="s-user-card s-user-card"> <time class="s-user-card--time" datetime="asked Apr 20 '17 at 21:02">asked Apr 20 '17 at 21:02</time> <a href="../../users/2449905/dan-lowe" class="s-avatar s-avatar32 s-user-card--avatar"> <img class="s-avatar--image" src="../../users/profiles/2449905.webp" data-jdenticon-width="32" data-jdenticon-height="32" data-jdenticon-value="Dan Lowe" /> </a> <div class="s-user-card--info"> <a href="../../users/2449905/dan-lowe" class="s-user-card--link">Dan Lowe</a> <ul class="s-user-card--awards"> <li class="s-user-card--rep" title="reputation score">51,713</li> <li class="s-award-bling s-award-blinggold" title="20 gold badges">20</li> <li class="s-award-bling s-award-blingsilver" title="123 silver badges">123</li> <li class="s-award-bling s-award-blingbronze" title="112 bronze badges">112</li> </ul> </div> </div> </div> </div> </div> </div> <div class="post-layout--right js-post-comments-component"> <div id="comments-43529860" class="comments js-comments-container bt bc-black-075 mt12 " data-post-id="43529860" data-min-length="15"> <ul class="comments-list js-comments-list" data-remaining-comments-count="0" data-canpost="false" data-cansee="true" data-comments-unavailable="false" data-addlink-disabled="true"> <li id="comment-74112660" class="comment js-comment " data-comment-id="74112660" data-comment-owner-id="1137071" data-comment-score="0"> <div class="js-comment-actions comment-actions"> <div class="comment-score js-comment-edit-hide"> </div> </div> <div class="comment-text js-comment-text-and-form"> <a name="comment74112660_43529860"></a> <div class="comment-body js-comment-edit-hide"> <span class="comment-copy">I am not sure, but maybe its about FF Same Origin Policy... http://stackoverflow.com/questions/17088609/disable-firefox-same-origin-policy</span> – <a href="../../users/1137071/jingo" title="3,200 reputation" class="comment-user ">Jingo</a> <span class="comment-date" dir="ltr"><a class="comment-link" href="../../questions/43529860/iframe-and-object-are-both-blank-but-only-in-firefox#comment74112660_43529860"><span title="2017-04-20T21:10:13.540 License: CC BY-SA 3.0" class="relativetime-clean">Apr 20 '17 at 21:10</span></a></span> </div> </div> </li> <li id="comment-74170396" class="comment js-comment " data-comment-id="74170396" data-comment-owner-id="2449905" data-comment-score="0"> <div class="js-comment-actions comment-actions"> <div class="comment-score js-comment-edit-hide"> </div> </div> <div class="comment-text js-comment-text-and-form"> <a name="comment74170396_43529860"></a> <div class="comment-body js-comment-edit-hide"> <span class="comment-copy">@Jingo I've been looking at CORS (same origin), but it appears to only apply when an `Origin` header is sent in the request. That isn't the case here. Still I added a `Access-Control-Allow-Origin` header, but it didn't change anything.</span> – <a href="../../users/2449905/dan-lowe" title="51,713 reputation" class="comment-user owner">Dan Lowe</a> <span class="comment-date" dir="ltr"><a class="comment-link" href="../../questions/43529860/iframe-and-object-are-both-blank-but-only-in-firefox#comment74170396_43529860"><span title="2017-04-22T13:19:02.393 License: CC BY-SA 3.0" class="relativetime-clean">Apr 22 '17 at 13:19</span></a></span> </div> </div> </li> <li id="comment-74884234" class="comment js-comment " data-comment-id="74884234" data-comment-owner-id="4634143" data-comment-score="0"> <div class="js-comment-actions comment-actions"> <div class="comment-score js-comment-edit-hide"> </div> </div> <div class="comment-text js-comment-text-and-form"> <a name="comment74884234_43529860"></a> <div class="comment-body js-comment-edit-hide"> <span class="comment-copy">Any ad blocking on that browser?</span> – <a href="../../users/4634143/jen-r" title="1,527 reputation" class="comment-user ">Jen R</a> <span class="comment-date" dir="ltr"><a class="comment-link" href="../../questions/43529860/iframe-and-object-are-both-blank-but-only-in-firefox#comment74884234_43529860"><span title="2017-05-11T21:01:09.060 License: CC BY-SA 3.0" class="relativetime-clean">May 11 '17 at 21:01</span></a></span> </div> </div> </li> <li id="comment-74917270" class="comment js-comment " data-comment-id="74917270" data-comment-owner-id="2449905" data-comment-score="0"> <div class="js-comment-actions comment-actions"> <div class="comment-score js-comment-edit-hide"> </div> </div> <div class="comment-text js-comment-text-and-form"> <a name="comment74917270_43529860"></a> <div class="comment-body js-comment-edit-hide"> <span class="comment-copy">@JenR Good question, I can't believe I didn't mention that. I updated the question. No, no ad blocker, and no extensions installed at all.</span> – <a href="../../users/2449905/dan-lowe" title="51,713 reputation" class="comment-user owner">Dan Lowe</a> <span class="comment-date" dir="ltr"><a class="comment-link" href="../../questions/43529860/iframe-and-object-are-both-blank-but-only-in-firefox#comment74917270_43529860"><span title="2017-05-12T16:25:51.147 License: CC BY-SA 3.0" class="relativetime-clean">May 12 '17 at 16:25</span></a></span> </div> </div> </li> </ul> </div> </div> </div> </div> <div id="answers"> <a name="tab-top"></a> <div id="answers-header"> <div class="answers-subheader grid ai-center mb8"> <div class="grid--cell fl1"> <h2 class="mb0" data-answercount="9">2 Answers<span style="display:none;" itemprop="answerCount">2</span></h2> </div> </div> </div> <a name="43954738"></a> <div id="answer-43954738" class="answer accepted-answer" data-answerid="43954738" data-ownerid="6730571" data-score="4" itemprop="acceptedAnswer" itemscope="" itemtype="https://schema.org/Answer"> <div class="post-layout"> <div class="votecell post-layout--left"> <div class="js-voting-container grid jc-center fd-column ai-stretch gs4 fc-black-200" data-post-id="43954738"> <button class="js-vote-up-btn grid--cell s-btn s-btnunset c-pointer"><svg aria-hidden="true" class="m0 svg-icon iconArrowUpLg" width="36" height="36" viewBox="0 0 36 36"><path d="M2 26h32L18 10 2 26z"></path></svg></button> <div class="js-vote-count grid--cell fc-black-500 fs-title grid fd-column ai-center" itemprop="upvoteCount" data-value="4">4</div> <div class="js-accepted-answer-indicator grid--cell fc-green-500 py6 mtn8"><div class="ta-center"><svg aria-hidden="true" class="svg-icon iconCheckmarkLg" width="36" height="36" viewBox="0 0 36 36"><path d="m6 14 8 8L30 6v8L14 30l-8-8v-8z"></path></svg></div></div> </div> </div> <div class="postcell post-layout--right"> <div class="s-prose js-post-body" itemprop="text"><p>I reproduced the issue on my server which serves 2 domains, and then fixed it this way:</p> <pre><code>X-Frame-Options: ALLOW-FROM https://SITE1.COM </code></pre> <p>I added <code>https://</code>, as seen in <a class="external-link" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options" rel="nofollow noreferrer">MDN page for X-Frame-Options</a></p> <p>You can observe the difference here (only with Firefox of course, as with other browsers both frames are shown): I pushed a php page that inserts the header <a class="external-link" href="https://planning.zami.fr/so/43529860/Test-X-Frame-Options.php?style=a" rel="nofollow noreferrer">without</a> or <a class="external-link" href="https://planning.zami.fr/so/43529860/Test-X-Frame-Options.php?style=b" rel="nofollow noreferrer">with</a> <code>https://</code>, and created <a class="external-link" href="https://jsfiddle.net/pxrdpks4/2/" rel="nofollow noreferrer">this fiddle</a> that insert 2 iframes: Firefox shows first iframe as empty, and second one with content (which echoes the value in header) on the right.</p> <p><a class="external-link" href="https://i.stack.imgur.com/VIeyZ.png" rel="nofollow noreferrer"><img alt="screenshot of firefox" src="../../images/3839560881.webp"/></a></p> <p>Since you are forced to put a "serialized origin" (protocol+FQDN), I wondered if you can put multiple entries, or wildcards. My understanding of <a class="external-link" href="https://www.rfc-editor.org/rfc/rfc7034#section-2.3.2.3" rel="nofollow noreferrer">RFC 7034</a> says you cannot.</p> <p>Now about this detail:</p> <blockquote> <p>The most interesting thing is that if I open the developer console and reload the page, I see the requests to fetch site1.com and its CSS and so on, but there are no requests made for site2.com. It isn't that there is a problem showing site2.com, it is never requested at all.</p> </blockquote> <p>That's because it was cached. I also saw that, but a force-refresh rightly showed a new request was made.</p></div> <div class="mb0"> <div class="mt16 grid gs8 gsy fw-wrap jc-end ai-start pt4 mb16"> <div class="grid--cell mr16 fl1 w96"></div> <div class="post-signature grid--cell"> <div class="s-user-card s-user-card"> <time class="s-user-card--time" datetime="edited Oct 07 '21 at 08:57">edited Oct 07 '21 at 08:57</time> <a href="../../users/-1/community" class="s-avatar s-avatar32 s-user-card--avatar"> <img class="s-avatar--image" src="../../users/profiles/-1.webp" data-jdenticon-width="32" data-jdenticon-height="32" data-jdenticon-value="Community" /> </a> <div class="s-user-card--info"> <a href="../../users/-1/community" class="s-user-card--link">Community</a> <ul class="s-user-card--awards"> <li class="s-user-card--rep" title="reputation score">1</li> <li class="s-award-bling s-award-blingsilver" title="1 silver badges">1</li> </ul> </div> </div> </div> <div class="post-signature grid--cell"> <div class="s-user-card s-user-card"> <time class="s-user-card--time" datetime="answered May 13 '17 at 15:17">answered May 13 '17 at 15:17</time> <a href="../../users/6730571/hugues-m" class="s-avatar s-avatar32 s-user-card--avatar"> <img class="s-avatar--image" src="../../users/profiles/6730571.webp" data-jdenticon-width="32" data-jdenticon-height="32" data-jdenticon-value="Hugues M." /> </a> <div class="s-user-card--info"> <a href="../../users/6730571/hugues-m" class="s-user-card--link">Hugues M.</a> <ul class="s-user-card--awards"> <li class="s-user-card--rep" title="reputation score">19,846</li> <li class="s-award-bling s-award-blinggold" title="6 gold badges">6</li> <li class="s-award-bling s-award-blingsilver" title="37 silver badges">37</li> <li class="s-award-bling s-award-bling__bronze" title="65 bronze badges">65</li> </ul> </div> </div> </div> </div> </div> </div> <div class="post-layout--right js-post-comments-component"> <div id="comments-43954738" class="comments js-comments-container bt bc-black-075 mt12 " data-post-id="43954738" data-min-length="15"> <ul class="comments-list js-comments-list" data-remaining-comments-count="0" data-canpost="false" data-cansee="true" data-comments-unavailable="false" data-addlink-disabled="true"> <li id="comment-74945100" class="comment js-comment " data-comment-id="74945100" data-comment-owner-id="2449905" data-comment-score="0"> <div class="js-comment-actions comment-actions"> <div class="comment-score js-comment-edit-hide"> </div> </div> <div class="comment-text js-comment-text-and-form"> <a name="comment74945100_43954738"></a> <div class="comment-body js-comment-edit-hide"> <span class="comment-copy">This looks promising! I am out for a while but I will try it when I get home.</span> – <a href="../../users/2449905/dan-lowe" title="51,713 reputation" class="comment-user owner">Dan Lowe</a> <span class="comment-date" dir="ltr"><a class="comment-link" href="../../questions/43529860/iframe-and-object-are-both-blank-but-only-in-firefox#comment74945100_43954738"><span title="2017-05-13T19:18:11.283 License: CC BY-SA 3.0" class="relativetime-clean">May 13 '17 at 19:18</span></a></span> </div> </div> </li> <li id="comment-74945114" class="comment js-comment " data-comment-id="74945114" data-comment-owner-id="6730571" data-comment-score="1"> <div class="js-comment-actions comment-actions"> <div class="comment-score js-comment-edit-hide"> <span title="number of 'useful comment' votes received" class="warm">1</span> </div> </div> <div class="comment-text js-comment-text-and-form"> <a name="comment74945114_43954738"></a> <div class="comment-body js-comment-edit-hide"> <span class="comment-copy">I hope "for a while" does not extend over the end of bounty period ;)</span> – <a href="../../users/6730571/hugues-m" title="19,846 reputation" class="comment-user ">Hugues M.</a> <span class="comment-date" dir="ltr"><a class="comment-link" href="../../questions/43529860/iframe-and-object-are-both-blank-but-only-in-firefox#comment74945114_43954738"><span title="2017-05-13T19:18:52.003 License: CC BY-SA 3.0" class="relativetime-clean">May 13 '17 at 19:18</span></a></span> </div> </div> </li> </ul> </div> </div> </div> </div> <a name="43957527"></a> <div id="answer-43957527" class="answer " data-answerid="43957527" data-ownerid="1675954" data-score="1" itemprop="suggestedAnswer" itemscope="" itemtype="https://schema.org/Answer"> <div class="post-layout"> <div class="votecell post-layout--left"> <div class="js-voting-container grid jc-center fd-column ai-stretch gs4 fc-black-200" data-post-id="43957527"> <button class="js-vote-up-btn grid--cell s-btn s-btn__unset c-pointer"><svg aria-hidden="true" class="m0 svg-icon iconArrowUpLg" width="36" height="36" viewBox="0 0 36 36"><path d="M2 26h32L18 10 2 26z"></path></svg></button> <div class="js-vote-count grid--cell fc-black-500 fs-title grid fd-column ai-center" itemprop="upvoteCount" data-value="1">1</div> </div> </div> <div class="postcell post-layout--right"> <div class="s-prose js-post-body" itemprop="text"><p>If you knew the source code (right click and view source of url to embed - but you control it in this case so you can copy and paste) and it was only a reasonably small amount of code (probable because you're using an iframe), then you could use the HTML5 srcdoc attribute to embed the html code, instead of pointing to the url. This would save a lot of hassle regarding unknown factors regarding the site you want to embed (CORS etc..) which you would not usually know if you didn't have control over the second site.</p> <p>According to <a class="external-link" href="http://caniuse.com/#feat=iframe-srcdoc" rel="nofollow noreferrer">caniuse.com</a> the <a class="external-link" href="https://www.w3schools.com/tags/att_iframe_srcdoc.asp" rel="nofollow noreferrer"><code>srcdoc</code></a> property has full support in Firefox since vsn 25 onwards (so since Sept 2013). </p> <p>Hope this helps (Here's a tested <a class="external-link" href="https://jsfiddle.net/RachGal/jzwm0x32/" rel="nofollow noreferrer">jsfiddle</a> example)</p></div> <div class="mb0"> <div class="mt16 grid gs8 gsy fw-wrap jc-end ai-start pt4 mb16"> <div class="grid--cell mr16 fl1 w96"></div> <div class="post-signature grid--cell"> <div class="user-info "> <div class="user-action-time">edited <span title="2017-05-13T20:29:20.690" class="relativetime">May 13 '17 at 20:29</span></div> <div class="user-gravatar32"></div> <div class="user-details" itemprop="author" itemscope="" itemtype="http://schema.org/Person"> <span class="d-none" itemprop="name">Rachel Gallen</span> <div class="-flair"></div> </div> </div> </div> <div class="post-signature grid--cell"> <div class="s-user-card s-user-card"> <time class="s-user-card--time" datetime="answered May 13 '17 at 20:07">answered May 13 '17 at 20:07</time> <a href="../../users/1675954/rachel-gallen" class="s-avatar s-avatar32 s-user-card--avatar"> <img class="s-avatar--image" src="../../users/profiles/1675954.webp" data-jdenticon-width="32" data-jdenticon-height="32" data-jdenticon-value="Rachel Gallen" /> </a> <div class="s-user-card--info"> <a href="../../users/1675954/rachel-gallen" class="s-user-card--link">Rachel Gallen</a> <ul class="s-user-card--awards"> <li class="s-user-card--rep" title="reputation score">27,943</li> <li class="s-award-bling s-award-blinggold" title="21 gold badges">21</li> <li class="s-award-bling s-award-blingsilver" title="72 silver badges">72</li> <li class="s-award-bling s-award-blingbronze" title="81 bronze badges">81</li> </ul> </div> </div> </div> </div> </div> </div> <div class="post-layout--right js-post-comments-component"> <div id="comments-43957527" class="comments js-comments-container bt bc-black-075 mt12 " data-post-id="43957527" data-min-length="15"> <ul class="comments-list js-comments-list" data-remaining-comments-count="0" data-canpost="false" data-cansee="true" data-comments-unavailable="false" data-addlink-disabled="true"> <li id="comment-74946041" class="comment js-comment " data-comment-id="74946041" data-comment-owner-id="2449905" data-comment-score="0"> <div class="js-comment-actions comment-actions"> <div class="comment-score js-comment-edit-hide"> </div> </div> <div class="comment-text js-comment-text-and-form"> <a name="comment74946041_43957527"></a> <div class="comment-body js-comment-edit-hide"> <span class="comment-copy">In this case the target is a complex interactive tool, a full site in its own right. So while this is an interesting idea in a general sense, it unfortunately is not very applicable to my particular circumstances. Still I'll upvote because the idea itself is a useful one.</span> – <a href="../../users/2449905/dan-lowe" title="51,713 reputation" class="comment-user owner">Dan Lowe</a> <span class="comment-date" dir="ltr"><a class="comment-link" href="../../questions/43529860/iframe-and-object-are-both-blank-but-only-in-firefox#comment74946041_43957527"><span title="2017-05-13T20:12:01.653 License: CC BY-SA 3.0" class="relativetime-clean">May 13 '17 at 20:12</span></a></span> </div> </div> </li> </ul> </div> </div> </div> </div> </div> </div> </div> </div> <script src="../../static/js/stack-icons.js"></script> <script src="../../static/js/fromnow.js"></script> </body> </html>