I've seen a lot of complaints all over the internet to not use frames, and it's considered bad practice to use frames, plus they are obsolete.
However, iframes are not obsolete, but they are frames. Is it considered bad practice to use them?
Also, can iframes be rendered to data:png/base64 or whatever, in the same way canvases can?
Iframes Bring Security Risks. If you create an iframe, your site becomes vulnerable to cross-site attacks. You may get a submittable malicious web form, phishing your users' personal data. A malicious user can run a plug-in.
IFrames are not obsolete, but the reasons for using them are rare. Using IFrames to serve your own content creates a "wall" around accessing the content in that area. For crawlers like Google, It's not immediately clear that cotent in an iframe will be ranked as highly as if the content were simply part of the page.
However, iframes are not obsolete, but they are frames. Is it considered bad practice to use them?
Sometimes you have to embed a separate HTML document into another, and that is OK. For the record, HTML5 has an entire section dedicated to embedding external content, of which one of the relevant elements is iframe
(W3C HTML5).
Of course, whether something is good or bad practice also highly dependent on your use case, but best-practice questions tend to be quite broad by nature.
Also, can iframes be rendered to data:png/base64 or whatever, in the same way canvases can?
As a matter of fact, yes, although IE does not appear to support data:text/html
at the moment:
<iframe src="data:text/html,<!DOCTYPE html><html><body><p>abc"></iframe>
However, this is not the "proper" way to do it (even the validators don't agree on whether the syntax is valid — W3C's Nu validator appears to dislike data:text/html
because of all the HTML symbols, while Validator.nu only complains about the unencoded whitespace in the DOCTYPE). For embedding raw HTML, you need to use the new srcdoc
attribute instead of src
(which has even less browser support):
<iframe srcdoc="<!DOCTYPE html><html><body><p>abc"></iframe>
So, in general, specifying raw HTML for iframes is a bad idea for now, and even once browsers start supporting the srcdoc
attribute, you should use that over a data URI with the src
attribute.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With