Show some love for iframes

2 points by waltz 13 years ago | 5 comments

Why is it that a lot of them websites have the x-frame-options to deny access from another url?

This stops the possibility of making iframe based browsers.

What do you have to lose by allowing iframes to your site?

gregorkas 13 years ago |

You could load gmail or facebook or any other site in an iframe and tell the user to login, but you would intercept his credentials with javascript.

waltz 13 years ago | |

Hmm that is a fair point.

Maybe a more secure alternative to iframes can emerge. Something like Chrome's WebViews.

Even though as of right now native browsers can intercept your data as well, it's a matter of trusting the tool.

gcb0 13 years ago | |

How exactly do you use javascript cross domain like that? i'd love to know.

gregorkas 13 years ago | | |

You don't. You register a key press event listener on the main page and when the user types into the iframe, you can catch the strokes.