The HTML iframe Element and Basic Security
HTML Embedded Content – Part 4
Foreword: In this part of the series, I talk about the HTML iframe element and basic related security.
By: Chrysanthus Date Published: 18 Jan 2016
The iframe element is a double tag element:
The content of the iframe would be an HTML document: <!DOCTYPE HTML> <html><head></head><body> </body></html>
<!DOCTYPE HTML> is optional for the iframe content.
Attributes of the iframe element and their brief meanings are:
src - Address of the resource
srcdoc - A document to render in the iframe
name - Name of nested browsing context
width - Horizontal dimension
height - Vertical dimension
sandbox - Security rules for nested content
src: This holds the URL of the HTML document that the iframe displays.
srcdoc: If you do not want to download the document from a server (website), you would have to type the content of the document delimited by double quotes. Do not forget to escape any double quote (like \") within the content; this prevents conflict between double quote within the content and the delimiters. That content in double quotes will be the value of the srcdoc attribute. If the src attribute and the srcdoc attribute are both specified together, the srcdoc attribute takes priority.
name: This holds the name of the iframe (precisely, name of browsing context).
width: This is the width of the iframe in px
height: This is the height of the iframe in px.
The iframe element has an attribute called, the sandbox attribute. This attribute enables a set of extra restrictions on the content of the iframe. It is a Boolean attribute as well as it can take value. As a Boolean attribute, its presence means true and its absence means false. If present as Boolean attribute, it means all the following features are forbidden: allow-forms, allow-popups, allow-scripts, allow-top-navigation, allow-same-origin, and allow-pointer-lock.
If the attribute (and value) is absent, it means some of these features are allowed and the iframe content may not be able to access the main HTML document.
I will say more about the iframe sandbox security in a different series.
A code example for the use of the iframe element is:
<p>We're not scared of you! Here is your content, unedited:</p>
That is it for this part of the series.
Related LinksBasics of HTML 5
Basics of ECMAScript
HTML DOM Basics
Text Elements in HTML
Microsyntax Dates and Times in HTML
Common Idioms without Dedicated Elements
HTML Embedded Content
HTML Insecurities and Prevention
Presentation Mathematical Markup Language
More Related Links
PurePerl MySQL API
Major in Website Design
Perl Course - Optimized
Web Development Course