Iframe static size

Unfortunately I am limited to what I have. A related question while I have your attention. Is there a way to "discover" the size of a page?

Iforgot to say that it appears to work just fine.

You _can_ do server side includes without changing to a dynamic server-side language like PHP, ASP, ColdFusion, etc.  You just create a navigation file, give it an extension of .shtml, and include it across all pages.  Change one navigation file, that change appears on all pages that include the navigation file.

https://www.yourhtmlsource.com/sitemanagement/includes.html

Easier to maintain, and most webservers (IIS, Apache, etc.) support it.  If your hosting service doesn't support SSI, you should find a new host.

Just my two cents,

V/r,

^ _ ^

https://forums.adobe.com/people/Nancy+OShea  a écrit Iframes are an emphatic  NO .   Security and performance issues aside, iFrames are a last resort for when you absolutely can't do it any other way.

I'm doing research work on the wrong side of iframes. Could you Nancy, or others who are interested in this subject, give me leads, url, or articles about security issues when using iframes on a page ?

I think that you are being mischievous Mr Birnou. You know that iframes are not a security risk unless the content is being served from outside of your control.

in fact and without playing on the subtleties of the language, I have often noticed that when someone advise not to use iframes, the implicit message that goes with it concerns security, performance, etc... but no one never explicitly refer to the site that is mirrored in this open frame of the page.

so I'm doing a research work on the wrong side of iframes. an that's why I asked everyone who is interested in this subject, to give me leads, url, or articles about security issues when using iframes on a page ? or any wrong sides of iframe

Clickjacking

https://www.owasp.org/index.php/Clickjacking

Cross Frame Scripting

https://www.owasp.org/index.php/Cross_Frame_Scripting

Excerpt from StackOverflow

html - Why are iframes considered dangerous and a security risk? - Stack Overflow

"IFRAME element may be a security risk if any page on your site contains an XSS vulnerability which can be exploited. In that case the attacker can expand the XSS attack to any page within the same domain that can be persuaded to load within an <iframe> on the page with XSS vulnerability. This is because content from the same origin (same domain) is allowed to access the parent content DOM (practically execute JavaScript in the "host" document). The only real protection methods from this attack is to add HTTP header X-Frame-Options: DENY and/or always correctly encode all user submitted data (that is, never have an XSS vulnerability on your site - easier said than done)."

Mozilla Developers Network/  Pay close attention to Sandbox and its browser support

<iframe>: The Inline Frame element - HTML: HyperText Markup Language | MDN

thank's Nancy for your feedback.

well none of those links indicate that iframe are dangerous, in themselves, to be used in a web site, except if what is linked inside the iframe is something malicious.

As Ben said, it is like linking a malicious script to the page,

by the way, I like the last link which is just MDN encyclopedia... ... I love MDN

so please, let me reformulate my initial question, if someone use iframe where both host page and iframe content are coming from the same domain, (as the OP asked) what are the security and performances issues when using iframes in that case ? (either if SSI is better adapted) or Library item as we are in a DW forum ?

orerockon , I am sorry that you feel that way.  Basically, what Nancy has said is correct, you should not be using an iframe for that purpose, server side includes are a much better and safer way to go.

This is not attacking you, it is Nancy's way (and probably that of most advisers in this forum)  of helping you. Yes you can use iframes if you prefer that method, but be assured that, aside of the perceived security risks, the implementation will be a lot harder than using SSI.

Birnou, who is an educator, was asking Nancy what proof she has regarding the security risks when using iframes so that he can arm himself when passing the information on to his students.

Because I am of the belief that an iframe is no more of a risk than script or link, I playfully joined the conversation as the devil's advocate, not aimed at you, but at both Birnou and Nancy.

So, for that, I apologise.

BenPleysier  a écrit Birnou, who is an educator, was asking Nancy what proof she has regarding the security risks when using iframes so that he can arm himself when passing the information on to his students.

although I have nothing against being an educator... I don't consider myself a educator...

my main professional activity is based either in the development of mobile applications (generally for intranets of assistance companies, in the medical and hospital environment, marine insurance...) or in company support in order to help them set up solutions to manage their data flow...

and it's true that in this case, it can often be likened to training... hence universities have often asked me to intervene as a pro speaker in their amphitheatre... from here to there, video2brain and Adobe then asked me to present some axes of their catalogue and in particular on DW and the technologies that revolve around it.

but I'm not an educator for that...

anyway, quite often students (if we have to call them that way) generally know much more than I do... I just have my own experience to offer them.

in the amphitheatre, there is a desk and bleachers, but that is coming from the old age... quickly you find yourself mixed up in sharing the same passion and debating it (a little like here)... the only difference is between those who live financially from this passion and the others.

https://forums.adobe.com/people/B+i+r+n+o+u  wrote ... and Adobe then asked me to present some axes of their catalogue and in particular on DW and the technologies that revolve around it.

You may want to rephrase that Birnou.

To me that reads as though Adobe asked you what to get rid of, (axe a feature or program = eol or remove it from current offerings).

pziecina  a écrit You may want to rephrase that Birnou. To me that reads as though Adobe asked you what to get rid of, (axe a feature or program = eol or remove it from current offerings).

well, ... it can be used in both way...

- and Adobe then asked me to present some of the main themes of their catalogue and in particular on DW and the technologies that revolve around it.

but also

-and Adobe then asked me to present some applications from their catalogue and in particular on DW that would be brought to the shelves (but also Dreamweaver, Fireworks, Freehand, Director, Flash, Breeze...).

yope, Ben said everything... please don't take any offense, and please, as Ben said, if using an iframe is a way to handle stuff for your problem, go ahead and use it...

personnally when I use an iframe solution it is generally to protect a second delivery server which has to respond to a unique ID (the one from the hosting main page) and in that case I use a reverse proxy server for that purpose.

I share the same point as advocated by Ben, iframe are no more dangerous than a link to a malecious script ... so it all depends on what you're hosting in the iframe