- IFrame
IFrame (from "Inline Frame") is an
HTML element which makes it possible to embed anHTML document inside another HTML document.The size of the IFrame can be specified in the surrounding HTML page, so that the surrounding page can already be presented in the browser while the IFrame is still being loaded. The IFrame behaves much like an inline image and the user can scroll it out of view. On the other hand, the IFrame can contain its own scroll bar, independent of the surrounding page's scroll bar.
While regular frames are typically used to logically subdivide the content of one
website , IFrames are more commonly used to insert content (for instance an advertisement) from another website into the current page.The following is an example of an HTML document containing an IFrame:
The embedded document can be changed without reloading the surrounding page, by using the "target" attribute of an HTML anchor or by employing
JavaScript . This makes many interactive applications possible, and IFrames are therefore commonly used by Ajax applications. The main alternative to using an IFrame in these situations is editing a document's DOM tree. Sometimes invisible IFrames are also used for asynchronous communication with the server, as an alternative toXMLHTTPRequest .More recently,
Mozilla Firefox , Opera and Microsoft Internet Explorer introducedcontentEditable
anddesignMode
, which enables users to edit the contents of the HTML contained in an IFrame. This feature has been used to develop rich text (WYSIWYG ) editors within an IFrame element likeFCKeditor orTinyMCE . Popular web applications which make use of this feature includeGoogle Docs & Spreadsheets (formerly "Writely"), JotSpot Live, andWindows Live Hotmail , to name a few.First introduced by Microsoft Internet Explorer in 1997 and long only available in that browser, iframes eventually became supported by all major brands.
ecurity Issues
IFrames have been implicated in many malicious code attacks, due to a series of common vulnerabilities. This was evident in many 2007 web based threats, notably the so-called Italian Job of June, 2007. [Robert McMillan (2007). [http://www.networkworld.com/news/2007/061907-italian-job-web-attack.html 'Italian job' Web attack hits 10,000 sites] . "Network World", June 19 2007.] An IFrame can be planted on an unsuspecting legitimate website, leading the casual viewer into an infection threat. This may happen when a site is hacked, or more easily, when a site forwards results of local searches to global search engines. On such a site, the hacker only needs to perform a search that includes a malicious IFrame; a user who clicks the search result in the global search engine will be infected. [Jack Schofield (2008). [http://www.guardian.co.uk/technology/2008/apr/03/security.google What's an IFrame attack and why should I care?] "The Guardian", April 2008 ]
References
External links
* [http://www.w3.org/TR/html4/present/frames.html#h-16.5 Specification of the IFrame element from W3C]
* [http://www.pcworld.idg.com.au/index.php/id;271828304;fp;2;fpid;1 Hackers expand massive IFRAME attack to prime sites]
Wikimedia Foundation. 2010.