Highlighted

Iframe static size

New Here ,
Nov 05, 2018

Copy link to clipboard

Copied

I don't quite know how to frame this and it may already be answered, if so just link to the answer. I am trying iframes for the first time. Basically most of the pages on my site have a menu at the bottom of the page that points to different pages on my site, and that menu needs to be the same across pages. I currently copy and paste the contents in the window to the next page etc. and that works fine. However I have dozens of pages and changing all of them when I change the contents of the menu is a real PITA. So I created a page with just the contents of the menu. I can create an iframe that shows that menu page without any problems. I made the frame size fit the contents of the menu page. However if it's smaller than the menu page it shows scrollbars. a size that makes one scroll across or down to see the entire contents. I don't want that to happen, and I need it to dynamically change the size to fit the contents of the menu page if that page size changes. I can play with the width and height so that it doesn't scroll, but I don't know how this would be shown in other browsers (it does work on Firefox and IE).

Adobe Community Professional
Correct answer by Nancy OShea | Adobe Community Professional

Iframes are an emphatic  NO .   Security and performance issues aside, iFrames are a last resort for when you absolutely can't do it any other way.

Sever-side Includes are a resounding YES .

Alt-Web Design & Publishing: Server-Side Includes with PHP

Another option is to fetch content with AJAX (asynchronous JavaScript and XML).

AJAX Introduction

Views

608

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Iframe static size

New Here ,
Nov 05, 2018

Copy link to clipboard

Copied

I don't quite know how to frame this and it may already be answered, if so just link to the answer. I am trying iframes for the first time. Basically most of the pages on my site have a menu at the bottom of the page that points to different pages on my site, and that menu needs to be the same across pages. I currently copy and paste the contents in the window to the next page etc. and that works fine. However I have dozens of pages and changing all of them when I change the contents of the menu is a real PITA. So I created a page with just the contents of the menu. I can create an iframe that shows that menu page without any problems. I made the frame size fit the contents of the menu page. However if it's smaller than the menu page it shows scrollbars. a size that makes one scroll across or down to see the entire contents. I don't want that to happen, and I need it to dynamically change the size to fit the contents of the menu page if that page size changes. I can play with the width and height so that it doesn't scroll, but I don't know how this would be shown in other browsers (it does work on Firefox and IE).

Adobe Community Professional
Correct answer by Nancy OShea | Adobe Community Professional

Iframes are an emphatic  NO .   Security and performance issues aside, iFrames are a last resort for when you absolutely can't do it any other way.

Sever-side Includes are a resounding YES .

Alt-Web Design & Publishing: Server-Side Includes with PHP

Another option is to fetch content with AJAX (asynchronous JavaScript and XML).

AJAX Introduction

Views

609

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Nov 05, 2018 0
Adobe Community Professional ,
Nov 05, 2018

Copy link to clipboard

Copied

Don't use iframes, they're really not the right way to do this.

Use some basic Server Side Includes instead, they're far easier and make a lot more sense.

If you have PHP installed on your server (most do) you simply create a small file that holds just the html from your menu (the include file). No <html>, <body> or <head> tags, nothing extra, just the code for the menu. You then call for that file with a small include snippet and the server writes the code from the include file where you place the snippet.

PHP Tutorial - Include File

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 05, 2018 0
New Here ,
Nov 05, 2018

Copy link to clipboard

Copied

Unfortunately I am limited to what I have. A related question while I have your attention. Is there a way to "discover" the size of a page?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 05, 2018 0
New Here ,
Nov 05, 2018

Copy link to clipboard

Copied

Iforgot to say that it appears to work just fine.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 05, 2018 0
LEGEND ,
Nov 05, 2018

Copy link to clipboard

Copied

You _can_ do server side includes without changing to a dynamic server-side language like PHP, ASP, ColdFusion, etc.  You just create a navigation file, give it an extension of .shtml, and include it across all pages.  Change one navigation file, that change appears on all pages that include the navigation file.

https://www.yourhtmlsource.com/sitemanagement/includes.html

Easier to maintain, and most webservers (IIS, Apache, etc.) support it.  If your hosting service doesn't support SSI, you should find a new host.

Just my two cents,

V/r,

^ _ ^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 05, 2018 0
Adobe Community Professional ,
Nov 05, 2018

Copy link to clipboard

Copied

Iframes are an emphatic  NO .   Security and performance issues aside, iFrames are a last resort for when you absolutely can't do it any other way.

Sever-side Includes are a resounding YES .

Alt-Web Design & Publishing: Server-Side Includes with PHP

Another option is to fetch content with AJAX (asynchronous JavaScript and XML).

AJAX Introduction

Nancy O'Shea, ACP
Alt-Web Design & Publishing

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 05, 2018 1
Adobe Community Professional ,
Nov 05, 2018

Copy link to clipboard

Copied

https://forums.adobe.com/people/Nancy+OShea  a écrit

Iframes are an emphatic  NO .   Security and performance issues aside, iFrames are a last resort for when you absolutely can't do it any other way.

I'm doing research work on the wrong side of iframes. Could you Nancy, or others who are interested in this subject, give me leads, url, or articles about security issues when using iframes on a page ?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 05, 2018 0
Adobe Community Professional ,
Nov 06, 2018

Copy link to clipboard

Copied

I think that you are being mischievous Mr Birnou. You know that iframes are not a security risk unless the content is being served from outside of your control.


Ben

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 06, 2018 0
Adobe Community Professional ,
Nov 06, 2018

Copy link to clipboard

Copied

in fact and without playing on the subtleties of the language, I have often noticed that when someone advise not to use iframes, the implicit message that goes with it concerns security, performance, etc... but no one never explicitly refer to the site that is mirrored in this open frame of the page.

so I'm doing a research work on the wrong side of iframes. an that's why I asked everyone who is interested in this subject, to give me leads, url, or articles about security issues when using iframes on a page ? or any wrong sides of iframe

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 06, 2018 0
Adobe Community Professional ,
Nov 06, 2018

Copy link to clipboard

Copied

Clickjacking

https://www.owasp.org/index.php/Clickjacking

Cross Frame Scripting

https://www.owasp.org/index.php/Cross_Frame_Scripting

Excerpt from StackOverflow

html - Why are iframes considered dangerous and a security risk? - Stack Overflow

"IFRAME element may be a security risk if any page on your site contains an XSS vulnerability which can be exploited. In that case the attacker can expand the XSS attack to any page within the same domain that can be persuaded to load within an <iframe> on the page with XSS vulnerability. This is because content from the same origin (same domain) is allowed to access the parent content DOM (practically execute JavaScript in the "host" document). The only real protection methods from this attack is to add HTTP header X-Frame-Options: DENY and/or always correctly encode all user submitted data (that is, never have an XSS vulnerability on your site - easier said than done)."

Mozilla Developers Network/  Pay close attention to Sandbox and its browser support

<iframe>: The Inline Frame element - HTML: HyperText Markup Language | MDN

Nancy O'Shea, ACP
Alt-Web Design & Publishing

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 06, 2018 2
Adobe Community Professional ,
Nov 06, 2018

Copy link to clipboard

Copied

thank's Nancy for your feedback.

well none of those links indicate that iframe are dangerous, in themselves, to be used in a web site, except if what is linked inside the iframe is something malicious.

As Ben said, it is like linking a malicious script to the page,

by the way, I like the last link which is just MDN encyclopedia... ... I love MDN

so please, let me reformulate my initial question, if someone use iframe where both host page and iframe content are coming from the same domain, (as the OP asked) what are the security and performances issues when using iframes in that case ? (either if SSI is better adapted) or Library item as we are in a DW forum ?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 06, 2018 0
Adobe Community Professional ,
Nov 05, 2018

Copy link to clipboard

Copied

And one more option you might want to read about is Dreamweaver's  proprietary Templates (DWT files).  

How to design web pages based on Dreamweaver templates

Alt-Web Design & Publishing: Working With Dreamweaver Templates (.dwt files)

Nancy O'Shea, ACP
Alt-Web Design & Publishing

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 05, 2018 1
New Here ,
Nov 06, 2018

Copy link to clipboard

Copied

I'm really trying to hold my tongue but it seems like whenever I ask a simple question in this forum I get shot down because I'm "doing it wrong". Some people may want to think of that, I'm sure quite a few people seeking some simple help are also fed up with it. For some of this isn't a way of life, just a way to construct and maintain rudimentary websites.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 06, 2018 0
Adobe Community Professional ,
Nov 06, 2018

Copy link to clipboard

Copied

orerockon , I am sorry that you feel that way.  Basically, what Nancy has said is correct, you should not be using an iframe for that purpose, server side includes are a much better and safer way to go.

This is not attacking you, it is Nancy's way (and probably that of most advisers in this forum)  of helping you. Yes you can use iframes if you prefer that method, but be assured that, aside of the perceived security risks, the implementation will be a lot harder than using SSI.

Birnou, who is an educator, was asking Nancy what proof she has regarding the security risks when using iframes so that he can arm himself when passing the information on to his students.

Because I am of the belief that an iframe is no more of a risk than script or link, I playfully joined the conversation as the devil's advocate, not aimed at you, but at both Birnou and Nancy.

So, for that, I apologise.


Ben

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 06, 2018 0
Adobe Community Professional ,
Nov 06, 2018

Copy link to clipboard

Copied

BenPleysier  a écrit

Birnou, who is an educator, was asking Nancy what proof she has regarding the security risks when using iframes so that he can arm himself when passing the information on to his students.

although I have nothing against being an educator... I don't consider myself a educator...

my main professional activity is based either in the development of mobile applications (generally for intranets of assistance companies, in the medical and hospital environment, marine insurance...) or in company support in order to help them set up solutions to manage their data flow...

and it's true that in this case, it can often be likened to training... hence universities have often asked me to intervene as a pro speaker in their amphitheatre... from here to there, video2brain and Adobe then asked me to present some axes of their catalogue and in particular on DW and the technologies that revolve around it.

but I'm not an educator for that...

anyway, quite often students (if we have to call them that way) generally know much more than I do... I just have my own experience to offer them.

in the amphitheatre, there is a desk and bleachers, but that is coming from the old age... quickly you find yourself mixed up in sharing the same passion and debating it (a little like here)... the only difference is between those who live financially from this passion and the others.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 06, 2018 0
LEGEND ,
Nov 07, 2018

Copy link to clipboard

Copied

https://forums.adobe.com/people/B+i+r+n+o+u  wrote

... and Adobe then asked me to present some axes of their catalogue and in particular on DW and the technologies that revolve around it.

You may want to rephrase that Birnou.

To me that reads as though Adobe asked you what to get rid of, (axe a feature or program = eol or remove it from current offerings).

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 07, 2018 0
Adobe Community Professional ,
Nov 07, 2018

Copy link to clipboard

Copied

pziecina  a écrit

You may want to rephrase that Birnou.

To me that reads as though Adobe asked you what to get rid of, (axe a feature or program = eol or remove it from current offerings).

well, ... it can be used in both way...

- and Adobe then asked me to present some of the main themes of their catalogue and in particular on DW and the technologies that revolve around it.

but also

-and Adobe then asked me to present some applications from their catalogue and in particular on DW that would be brought to the shelves (but also Dreamweaver, Fireworks, Freehand, Director, Flash, Breeze...).

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 07, 2018 0
Adobe Community Professional ,
Nov 06, 2018

Copy link to clipboard

Copied

yope, Ben said everything... please don't take any offense, and please, as Ben said, if using an iframe is a way to handle stuff for your problem, go ahead and use it...

personnally when I use an iframe solution it is generally to protect a second delivery server which has to respond to a unique ID (the one from the hosting main page) and in that case I use a reverse proxy server for that purpose.

I share the same point as advocated by Ben, iframe are no more dangerous than a link to a malecious script ... so it all depends on what you're hosting in the iframe

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 06, 2018 0