Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Reasons for not using IFrame?

Tags:

are there any reasons not to use iframes at all? I currently use it to load a page from a different server (a sign up page - part of a distributed application) to provide a seamless experience. Is using iframes considered bad practice or is its use OK?

like image 579
Alex Avatar asked Aug 09 '09 21:08

Alex


People also ask

Why should we not use iframe?

If you create an iframe, your site becomes vulnerable to cross-site attacks. You may get a submittable malicious web form, phishing your users' personal data. A malicious user can run a plug-in. A malicious user can change the source site URL.

Are iFrames a security risk?

The iFrame contains a malicious form that can lead the user to submit sensitive information. This threat can be solved by using sandbox with removing allow-forms . The iFrame may unintentionally download malware to the user's computer.

Are iFrames outdated?

The iframe is set as noborder so it appears completely seamless to the end user. Of course there would be other ways of doing this, but the use of an iframe is simple and robust. And it's certainly not obsolete. Save this answer.

When should you use iframe?

What is an iframe, and when do you use it? Developers mainly use the iframe tag to embed another HTML document within the current one. You may have crossed paths with it when you had to include a third-party widget (like the famous Facebook like button), a YouTube video, or an advertising section on your website.


2 Answers

The iframe is a great tool. It enjoys near-universal browser support, it's easy to implement and has a number of useful functions. As with any other HTML element, it can be abused, but wielded intelligently it can play a part in a solid UI.

Some developers might argue to use AJAX instead, and in some situations that may be the more appropriate approach, but AJAX is not a panacea and iframes can be a far simpler implementation which has the same end-result for your users. Do whatever is simplest first, and only change that when you can verify how and why that is not working.

like image 156
Rex M Avatar answered Sep 27 '22 21:09

Rex M


Keep using iframes. Here's an example of why:

The whole Verified By Visa thing really annoys me. I'm happily shopping at some site that I trust, when I'm redirected to some site I've never heard of (not visa.com) and I have to fill in some other form and hope that I get redirected correctly back to the shopping site.

Then recently I was shopping at the John Lewis website, and they brought up the Verified By Visa page in an iframe - wonderful! I'm still looking at the John Lewis site, and all that's happening is I'm being asked for my Verified By Visa password - no problem.

Although as a web developer I know that there's no technical difference between that and a plain old redirect-there-redirect-back, the user experience is so much better!

like image 28
RichieHindle Avatar answered Sep 27 '22 21:09

RichieHindle