I created a simple HTML page with an iframe
whose src
attribute references the containing page -- in other words a self-referencing iframe.
this.html
<html>
<head></head>
<body>
<iframe src="this.html"></iframe>
</body>
</html>
Why does this not infinitely loop and crash my browser? Also, why doesn't even IE crash at this?
(Note: This spawned from a team discussion on the virtues and demerits of using iframes to solve problems. You know, the 'mirror of a mirror' sort.)
Iframes Bring Security Risks. If you create an iframe, your site becomes vulnerable to cross-site attacks. You may get a submittable malicious web form, phishing your users' personal data. A malicious user can run a plug-in.
Most probably web site that you try to embed as an iframe doesn't allow to be embedded. You need to update X-Frame-Options on the website that you are trying to embed to allow your Power Apps Portal (if you have control over that website). You can find more here.
IFrames are not obsolete, but the reasons for using them are rare. Using IFrames to serve your own content creates a "wall" around accessing the content in that area. For crawlers like Google, It's not immediately clear that cotent in an iframe will be ranked as highly as if the content were simply part of the page.
Nope, iframes are definitely not dead.
W3C took care of that in 1997 explaining how frames should be implemented in "Implementing HTML Frames":
Any frame that attempts to assign as its SRC a URL used by any of its ancestors is treated as if it has no SRC URL at all (basically a blank frame).
As kingdago found out and mentioned in the comment above, one browser that missed to implement a safeguard for this was Mozilla in 1999. Quote from one of the developers:
This is a parity bug (and a source of possible embarrasment) since MSIE5 doesn't have a problem with these kinds of pages.
I decided to dig some more into this and it turns out that in 2004 this happened again. However, this time JavaScript was involved:
This is the code, what causes it: <iframe name="productcatalog" id="productcatalog" src="page2.htm"></iframe> directly followed by a script with this in it: frames.productcatalog.location.replace(frames.productcatalog.location + location.hash);
...
Actual Results: The parent window gets recursively loaded into the iframe, resulting sometimes in a crash.
Expected Results: Just show it like in Internet Explorer.
Then again in 2008 with Firefox 2 (this also involved JavaScript).
And again in 2009. The interesting part here is that this bug is still open and this attachment: https://bugzilla.mozilla.org/attachment.cgi?id=414035
(will you restrain your curiosity?) will still crash/freeze your Firefox (I just tested it and I almost crashed the whole Ubuntu). In Chrome it just loads indefinitely (probably because each tab lives in a separate process).
As for the other browsers:
I'd like to add a little something to the "Also, why doesn't even IE crash at this?" part of the question. IE does not let us down...
If you add a simple iteration number as a query string to the nested iFrame's src Firefox and others will just stop after a certain iteration depth. IE - and we tested this with IE version 10 - just crashes :)
this.php
<html>
<head></head>
<body>
<iframe src="this.php?q=<?php echo (isset($_GET['q'])?$_GET['q']:1)+1?>" />
</body>
</html>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With