Reputation: 764
JavaScript and iframes: dangerous for my website?
In order to see a live preview of another website that users link to on my website, I'm using iframes.
However, this is probably not the best solution, as a website is loaded directly into mine, with every JavaScript element etc that is on the linked page.
My question: how dangerous is it to do such a thing? What is the worst case scenario that could happen? Could a linked site just by using JavaScript (or other technologies) do any serious harm to my site or my user's data?
And then, the second part of my question is, of course, about the website preview. All I found so far are scripts that contain more than one php and js file in order to load a website preview picture.
Isn't there an easier way to do this? What do you suggest?
Upvotes: 1
Views: 92
Answers (1)
Reputation: 66663
how dangerous is it to do such a thing?
Some websites do not like to be embedded using frames. Such websites can possibly take over the full browser by ensuring it is loaded in the topmost window. Aside from that, as long as your website and the website you are loading aren't from the same domain, they won't be able to access your cookies, DOM etc. So its pretty safe in that respect.
about the website preview
There aren't many fool proof mechanisms other than generating the preview image server side - as I believe the scripts you've seen do.
Upvotes: 2
Related Questions
- can i allow malicious code to run on my site?
- Security Risks of Including a 3rd Party iFrame
- iFrame Security Risks from Embedding by Hacker
- Javascript, HTML, and iFrames
- preventing iframe security issue
- iFrame and Javascripts
- What are the security vulnerabilities (if any) with using HTML5 iframes
- Java script in IFRAME security issues
- HTML iframes and javascript
- Iframe Security Issues