Reputation: 6645
What are the security vulnerabilities (if any) with using HTML5 iframes
I'm migrating from one version of a web client to a newer version running on the same machine.
The web client will be primarily used on an internal LAN interface but there will be some exposure to the WAN also.
As a migratory step, I intend to include pages from the newer webclient in the older webclient structure. I was planning to use iframes for this.
Are there any potential security risks that I should be aware of before doing this?
Thanks for your help.
Upvotes: 1
Views: 305
Answers (1)
Reputation: 4896
HTML5 iframes have sandboxing technology built in, but you have to enable it first. This means that XSS won't be an option, so if you're making iframe widgets that handle personal information, like Facebook do, as long as you do the usual stuff, there's nothing you should be concerned about.
Upvotes: 1
Related Questions
- Why are iframes considered dangerous and a security risk?
- What are the security implications of uploading files from an iframe?
- Security Risks of Including a 3rd Party iFrame
- iFrame Security Risks from Embedding by Hacker
- JavaScript and iframes: dangerous for my website?
- What are the dangers of using an SSL iframe within SSL pages
- Any disadvantages to using iframes
- In what ways can inserting an iframe tag containing potentially untrusted content into HTML markup be dangerous?
- Security implications of allowing framing?
- What are the potential pitfalls of using HTML Frames for templating?