javascript - Iframe – let the user pick the src - any security issues?


I want to allow logged-in users to view the content of any third party via an IFrame.

Some

Is allowing users to set the IFrame src URL a security issue?

What security issues do I have to face?

Thanks

Rafael

Are you afraid of users harming you? Then the answer is: you cannot do anything about it; they can control the source in their browser as they want. You have to do your security on the server.

But if you want to protect your clients from the malicious code on third-party websites that load via the IFrame, the answer is: an iframe is quite secure. XSS / same-origin-based policies are a great day.

Well, such a thing is always a risk. You do not have to be afraid of the content in the IFrame. The suggestion I give is to validate the content of the src tag. Make sure it is a valid URL and then you should be OK.

The only thing the page in the iframe may be able to do is redirect your page to a bad site (as the document.location feature is hard and readable in an iframe from a different origin). There are no reliable ways to stop them.

You could load the external website on your server and output it with the base href attribute set to the external site, so everything will be loaded properly; then you have the ability to check / manipulate the document. But if you want to maintain advanced stuff like JavaScript etc., it is very complicated.

To sum it up: the site cannot really hurt you, only the user; but if the user specifies a bad site, it's actually their problem...
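
An added example (not part of the original question or answers) of the src validation suggested above, combined with the iframe `sandbox` attribute: leaving out `allow-top-navigation` prevents the framed page from redirecting the top-level page. The function names, the sandbox token choice and the sample inputs are assumptions made for illustration.

```javascript
// Added example: validate a user-supplied iframe URL, then emit a sandboxed frame.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Scripts and forms work inside the frame. allow-top-navigation is omitted, so
// the framed page cannot change the top-level location. allow-same-origin is
// omitted too, so the framed document always gets an opaque origin, even if the
// user picks a URL that points back at the embedding site.
const SANDBOX_TOKENS = "allow-scripts allow-forms";

// Returns the normalized absolute URL, or null if the input must not be framed.
function validateFrameUrl(input) {
  let url;
  try {
    url = new URL(String(input).trim()); // relative or malformed input throws
  } catch {
    return null;
  }
  // Rejects javascript:, data:, blob:, file: and other non-web schemes.
  // A javascript: src would run script with the embedding page's origin.
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;
  // Credentials embedded in the URL are never needed for framing.
  if (url.username || url.password) return null;
  return url.href;
}

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return value.replace(/&/g, "&amp;").replace(/"/g, "&quot;")
              .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Returns the iframe markup for a valid URL, or null for a rejected one.
function buildIframeHtml(input) {
  const src = validateFrameUrl(input);
  if (src === null) return null;
  return `<iframe src="${escapeAttr(src)}" sandbox="${SANDBOX_TOKENS}"></iframe>`;
}

// Constructed sample inputs, as a user might type them into the "pick a URL" box.
for (const candidate of ["https://example.com/?a=1&b=2", "JaVaScRiPt:alert(1)",
                         "data:text/html,<b>x</b>", "/relative/path"]) {
  console.log(JSON.stringify(candidate), "->", buildIframeHtml(candidate));
}
```

The same validation has to run on the server if the chosen URL is stored or shown to other users, since client-side checks can be bypassed in the user's own browser.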

