Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why do some websites (like facebook) load scripts in an iframe?

Why do some websites (like facebook) load scripts in an iframe?

Is this to allow the site to load more than 2 resources at a time because the iframe's resources are at different URLs?

like image 719
Chris Marisic Avatar asked Feb 14 '10 20:02

Chris Marisic


People also ask

Why some websites are not opening in iframe?

If the primary domain for your website is secure with SSL (https://) but the source URL for your Iframe is not, your website will display an error, or simply not display the content. To fix this, you'll need to update the Source URL for your Iframe content with the secure (https://) version.

Can you iframe any site?

An iframe, short for inline frame, is an HTML element that contains another HTML document within it. The iframe element is specified with the iframe tag. It may be placed anywhere in an HTML document, and thus anywhere on a web page.


2 Answers

What you are seing, might be an application of "Comet" communication, using a hidden iframe as data channel. A short explanation of the technique according to Wikipedia:

A basic technique for dynamic web application is to use a hidden IFrame HTML element (an inline frame, which allows a website to embed one HTML document inside another). This invisible IFrame is sent as a chunked block, which implicitly declares it as infinitely long (sometimes called “forever frame”). As events occur, the iframe is gradually filled with script tags, containing JavaScript to be executed in the browser. Because browsers render HTML pages incrementally, each script tag is executed as it is received.

This could be used for something like a chat, where messages are expected to appear without noticeable delay, and preferably without periodical "polling" for new data. If this is what you have come across, you should see several <script> elements in the frame, and more should be added as times go by.

like image 98
Jørn Schou-Rode Avatar answered Oct 23 '22 19:10

Jørn Schou-Rode


EDIT

So to actually address your question... I don't know! The following information might be helpful, however:

Facebook prepends all of the JS variables and functions with your application ID.

var ID;

becomes

var 1262682068026-ID;

This limits the scope of your javascript to only your application so you can't use the DOM to get at their friends, phone number, email, address, etc, unless authorized. It makes a little sub-sandbox for you to play in.

More info on scoping here: Facebook Docs

like image 20
Alex Mcp Avatar answered Oct 23 '22 21:10

Alex Mcp