Highlighted

Facebook, YouTube API security issue

LEGEND ,
Jul 02, 2018

Copy link to clipboard

Copied

Hello, all,

I've recently been tasked to investigate using Twitter, Facebook, and YouTube APIs on our public-facing page. I have been looking into it, and the Twitter API is very simple - they even have a page that you can use to customise the look and feel of whatever page you wish to grab tweets from and it creates an anchor tag with all the parameters. Very nice.

However, I have come across a stumbling block. The Facebook and YouTube APIs involve using IFRAME. On our network, IFRAME is proscribed. Major security issue (primarily cross-site scripting.)

Is anyone aware of alternative methods for putting a Facebook or YouTube widget on a site that does NOT use IFRAME?

V/r,

^ _ ^

Views

121

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Facebook, YouTube API security issue

LEGEND ,
Jul 02, 2018

Copy link to clipboard

Copied

Hello, all,

I've recently been tasked to investigate using Twitter, Facebook, and YouTube APIs on our public-facing page. I have been looking into it, and the Twitter API is very simple - they even have a page that you can use to customise the look and feel of whatever page you wish to grab tweets from and it creates an anchor tag with all the parameters. Very nice.

However, I have come across a stumbling block. The Facebook and YouTube APIs involve using IFRAME. On our network, IFRAME is proscribed. Major security issue (primarily cross-site scripting.)

Is anyone aware of alternative methods for putting a Facebook or YouTube widget on a site that does NOT use IFRAME?

V/r,

^ _ ^

Views

122

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Jul 02, 2018 0
LEGEND ,
Jul 02, 2018

Copy link to clipboard

Copied

I did find a non-iframe method, here, but it's not displaying anything.  Anyone have any suggestions?

V/r,

^ _ ^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 02, 2018 0