SyntaxFix

[html] What's the difference between IFrame and Frame?

Looking at options for embedding the 3D Secure page inside my own order form, I came across the following:

"Some commerce sites will devote the full browser page to the authentication rather than using a frame (not necessarily an iFrame, which is a less secure object anyway)."

from http://en.wikipedia.org/wiki/3-D_Secure

Can someone give me the lowdown as to why iframes are less secure, and cause problems, as opposed to normal frames? And what are the basic differences?

The way I see it, iframe is the way to go.

This question is related to html iframe frame

The answer is

The only reasons I can think of are actually in the wiki article you referenced to mention a couple...

"The "Verified by Visa" system has drawn some criticism, since it is hard for users to differentiate between the legitimate Verified by Visa pop-up window or inline frame, and a fraudulent phishing site."

"as of 2008, most web browsers do not provide a simple way to check the security certificate for the contents of an iframe"

If you read the Criticism section in the article it details all the potential security flaws.

Otherwise the only difference is the fact that an IFrame is an inline frame and a Frame is part of a Frameset. Which means more layout problems than anything else!

Inline frame is just one "box" and you can place it anywhere on your site. Frames are a bunch of 'boxes' put together to make one site with many pages.

While the security is the same, it may be easier for fraudulent applications to dupe users using an iframe since they have more flexibility regarding where the frame is placed.

iframes are used a lot to include complete pages. When those pages are hosted on another domain you get problems with cross side scripting and stuff. There are ways to fix this.

Frames were used to divide your page into multiple parts (for example, a navigation menu on the left). Using them is no longer recommended.

IFrame is just an "internal frame". The reason why it can be considered less secure (than not using any kind of frame at all) is because you can include content that does not originate from your domain.

All this means is that you should trust whatever you include in an iFrame or a regular frame.

Frames and IFrames are equally secure (and insecure if you include content from an untrusted source).

Source: Stackoverflow.com

Examples related to html

Embed ruby within URL : Middleman Blog Please help me convert this script to a simple image slider Generating a list of pages (not posts) without the index file Why there is this "clear" class before footer? Is it possible to change the content HTML5 alert messages? Getting all files in directory with ajax DevTools failed to load SourceMap: Could not load content for chrome-extension How to set width of mat-table column in angular? How to open a link in new tab using angular? ERROR Error: Uncaught (in promise), Cannot match any routes. URL Segment

Examples related to iframe

Getting all files in directory with ajax YouTube Autoplay not working Inserting the iframe into react component How to disable auto-play for local video in iframe iframe refuses to display iFrame onload JavaScript event YouTube iframe embed - full screen Change New Google Recaptcha (v2) Width load iframe in bootstrap modal Responsive iframe using Bootstrap

Examples related to frame

Adjust UILabel height to text What is the height of Navigation Bar in iOS 7? How do I change the background of a Frame in Tkinter? Tkinter scrollbar for frame Python Tkinter clearing a frame Switch between two frames in tkinter Html code as IFRAME source rather than a URL UIView frame, bounds and center Simple way to change the position of UIView? What's the difference between IFrame and Frame?

Tags

Portal-system Option-strict Asenumerable Stl-algorithm Htc-hero Tankauth Mod-auth Shell-icons Servicecontract Uipicker Bea Xsql Expression-web Isr User-accounts Xmla Updateexception Mysql-backup Ccrewrite Ora-01747 Anti-piracy Fgetpos Ilookup Linear-algebra Dtd Stringescapeutils Cron Microsoft-sal Least-privilege Grand-central-dispatch Groupwise-maximum Zombie-process Typo3 Precompute Mouse-position Subview Coin-change Principal Matomo Pass-by-name Pia Registrykey Video-library Django-cms Overheating Document-carousel Http-status-code-405 Android-pullparser Security-trimming Compatibility-mode Svn-update Google-data-protocol Bug-tracker Addressof Tquery Efv4 Boost-random Django-unittest Webviewclient Bidirectional-relation Sqlalchemy-migrate Copy-mode Aero-peek Mojoportal Custom-events Faulted Eclipse-templates Render-to-texture List.selectedvalue Spinning Retained-in-memory Affinity Otrs Make-shared Release-management Uniquery Skunk-works Expand C++filt Localizable.strings All-files Snapshot-view Offsetwidth Delphi-6 Genexus Diagrams Ndebug Rollover Pngfix Artwork Acts-as-tree Popup-balloons Greensoftware Windowing Mouse-pointer Kohana-auth Albumart Jquery-ui-css-framework Agi Spell-checking