[thelist] iframes evil? (was RE: Grabbing a file across domains)

Christian Heilmann codepo8 at gmail.com
Wed Jan 10 10:52:22 CST 2007

> > Iframe is IMHO just dirty, unsafe and useless.
> prompting my question: we're working on an insurance quoting site for a
> new client. the quoting tools (provided by a vendor, who also hosts the
> site) are all currently in frames, with the client in control of the
> peripheral frames, and the content frame coming from the vendor. these
> are forms, probably talking to server side code (I don't know for sure)
> and spitting responses back to the visitor.
> frames are obviously a usability/accessibility issue; if iframes are
> just the first step down the same slippery slope, what's the best
> practice for including someone else's pages, in their entirety, within
> our pages?

That is another issue. Let me rephrase:

Hacking Cross-Domain Ajax with IFRAMES is a bad idea in terms of
security and reliability.

Chris Heilmann
Book: http://www.beginningjavascript.com
Blog: http://www.wait-till-i.com
Writing: http://icant.co.uk/

More information about the thelist mailing list