Hacker News new | past | comments | ask | show | jobs | submit login
Show some love for iframes
2 points by waltz on May 22, 2013 | hide | past | favorite | 5 comments
Why is it that a lot of them websites have the x-frame-options to deny access from another url?

This stops the possibility of making iframe based browsers.

What do you have to lose by allowing iframes to your site?




You could load gmail or facebook or any other site in an iframe and tell the user to login, but you would intercept his credentials with javascript.


Hmm that is a fair point.

Maybe a more secure alternative to iframes can emerge. Something like Chrome's WebViews.

Even though as of right now native browsers can intercept your data as well, it's a matter of trusting the tool.


How exactly do you use javascript cross domain like that? i'd love to know.


You don't. You register a key press event listener on the main page and when the user types into the iframe, you can catch the strokes.

Example: http://www.jayssite.com/misc/iframesample.html (not my site, I googled it)


i don't think this example is cross-domain...




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: