[thelist] Iframes on IE6 on a clean installed Windows XP w. SP2

[Andrew Clover]

Mattias Hising <hising at home.se> wrote:

> From the usercontext-url, we will consume pages from a different
> subdomain via SSL in inline-frames.

> security-changes Microsoft made with Service Pack 2 on Internet
> Explorer 6 may make this solution obsolete.

I believe the security issues are more to do with cross-frame scripting 
and externally navigating the frame than with embedding one site in 
another as such. Should be okay as long as you don't need the subframe 
to communicate with the top frame.

However, by framing the secure stuff in an unencrypted container you 
won't be able to get the padlock lit up, which would be a no-no for most 
people if they're asked for card details. Where something important like 
payment processing is concerned, it's usually best to keep it as simple 
as possible.

-- 
Andrew Clover
mailto:and at doxdesk.com
http://www.doxdesk.com/