Show some love for iframes

2 points by waltz 13 years ago · 5 comments · 1 min read

Why is it that a lot of them websites have the x-frame-options to deny access from another url?

This stops the possibility of making iframe based browsers.

What do you have to lose by allowing iframes to your site?

You could load gmail or facebook or any other site in an iframe and tell the user to login, but you would intercept his credentials with javascript.

waltzOP 13 years ago

Hmm that is a fair point.
Maybe a more secure alternative to iframes can emerge. Something like Chrome's WebViews.
Even though as of right now native browsers can intercept your data as well, it's a matter of trusting the tool.
gcb0 13 years ago

How exactly do you use javascript cross domain like that? i'd love to know.
- gregorkas 13 years ago
  
  You don't. You register a key press event listener on the main page and when the user types into the iframe, you can catch the strokes.
  Example: http://www.jayssite.com/misc/iframesample.html (not my site, I googled it)
  - gcb0 13 years ago
    
    i don't think this example is cross-domain...

Settings