 | View Full Version : Iframe = Security Risk ashras99 03-02-2010, 07:32 AM I heard iframe creates security risk, is this true? Iframe just calling another page from your own server, this is a way to show other page on same page you are visiting, so how this creates security risk? Please throw some light on this... Vinayak_Sharma 03-02-2010, 07:58 AM No, IFRAME in itself is not a security issue, issue is if some one (virus/hacker) has injected that IFRAME in your pages. rghf 03-02-2010, 08:03 AM When you put a google map insert on your page that is done via an iframe (taking their copy/paste default HTML) inspiron 03-02-2010, 08:26 AM No, using IFRAMEs in your site does not create any security issue. However, I would say try to avoid the IFRAMEs unless it's necessary that you can use them. ashras99 03-02-2010, 09:37 AM inspiron, if not an any security issue then why avoid? the_pm 03-02-2010, 12:24 PM inspiron, if not an any security issue then why avoid?There are usability issues associated with iframes and frames in general that make them less than desirable. They can mess up search engine as well (framed content will appear orphaned in search engine results). But there are no inherent security risks associated with them. caisc 03-08-2010, 03:18 PM No, using IFRAMEs in your site does not create any security issue. However, I would say try to avoid the IFRAMEs unless it's necessary that you can use them. ya we have much better options now in comparison to iframe for information display ashras99 03-08-2010, 03:42 PM better options like? accwebworks 03-08-2010, 03:52 PM Better options like using ajax to populate dynamic section of your page. IE browsers use ActiveXObject("Microsoft.XMLHTTP") object non IE browser (Firefox, CHrome, Opera etc.) use XMLHttpRequest() object It's better to use frameworks like jQuery, Yahoo YUI or prototype to encapsulate all these browser differences for you so you don't have to worry about it. Of course there are always exceptions. You still can use IFRMAE in cases where you want the html in IFRAME be completely isolated from the page. This is usually preferable when you want to include html from third parties, like advertising. weboutloud-Chris 03-08-2010, 04:18 PM Yeah, frames in themselves aren't a security risk, however malicious frames can be injected into your site (as mentioned earlier), and they give off a pretty negative vibe in most cases and are really "Web 1.0" in my opinion. Hydro_Host 03-09-2010, 12:50 PM I would avoid using iframes. They are bad for usability caisc 03-09-2010, 01:36 PM i dont even remember last time when we designed a site that used iframe..... its gone dear....... now its time to upgrade bostondaniel 03-16-2010, 04:33 PM iframes are disapearing as you can accomplish things with Ajax with better experience for the user. |