Historic plugins (Flash, Silverlight, Java applets) relied on NPAPI/PPAPI bridges—modern browsers removed them. Today <object> and <embed> remain for PDFs, specialized viewers, or intranet controls.
Object vs embed
objectsupports fallback HTML inside tags.embedis void—use when plugins expect it historically.
PDFs
Browser PDF rendering varies—offer downloads and summarize contents for accessibility.
Security
Plugins executed native code—never load untrusted sources; prefer converting content to open web formats.
Still relevant in enterprises
Internal PDF portals or legacy viewers may force object—document CSP exceptions rather than weakening global policies blindly.
Example — object with fallback
<object data="/whitepaper.pdf" type="application/pdf" width="600" height="400">
<p><a href="/whitepaper.pdf">Download PDF</a></p>
</object>No embedded PDF rendered here—browsers diverge on inline PDF; always ship a plain download.
Example — embed (void)
<embed src="/diagram.svg" type="image/svg+xml" width="320" height="200" title="Architecture diagram">Inline preview intentionally omitted here because plugin/PDF support varies by browser. Always provide a direct download link.
Important interview questions and answers
- Q: Why should video/audio include fallbacks and tracks?
A: Codec support differs by browser and captions/transcripts are essential for accessibility and compliance. - Q: When is inline SVG better than bitmap icons?
A: For scalable, styleable, lightweight icons that inherit CSS and remain sharp across densities. - Q: What is a common embed risk with third-party iframes?
A: Privacy/performance overhead and policy issues; lazy-load and apply consent/security constraints where needed.
Tip: Avoid Flash-era plugins—use native video or trusted embeds.