The <x> Element
The <x> element embeds HPPR content in a
nested browsing context—like an iframe, but for HPPR coordinates
instead of HTTP URLs.
Why Not <iframe>?
Iframes expect HTTP URLs. The <x> element
understands HPPR: - Accepts coordinates directly
(//group/app/path) - Integrates with the trust model -
Provides access to packet metadata
Usage
<!-- Embed a game board -->
<x src="//chess/game/board.html" width="800" height="600"></x>
<!-- Embed a widget, trusting the parent's keys -->
<x src="//app/widgets/sidebar.html" trustParent></x>
<!-- Relative coordinate -->
<x src="components/header.html"></x>Attributes
| Attribute | Description |
|---|---|
src |
URC or relative coordinate to load |
trustParent |
Inherit parent document’s site-trust |
width, height |
Element dimensions |
Properties
| Property | Description |
|---|---|
packet |
HpprPacket of the loaded content (null until
loaded) |
contentDocument |
The nested document (same-origin only) |
contentWindow |
The nested window (same-origin only) |
Events
| Event | When |
|---|---|
load |
Content successfully loaded |
error |
Load failed |
Trust Behavior
By default, embedded content has its own isolated security context. HAVI evaluates site-trust independently—the embedded content might have different trusted keys than the parent.
With trustParent, the embedded content inherits the
parent’s trusted keys. Use this for widgets and components that are
part of your own app.
Cross-Origin Access
Like iframes, contentDocument and
contentWindow return null when the
embedded content is from a different group/app. Each
//<group>/<app>/ is a separate origin.