You should look into the HTML5 Sandbox options. While these are not supported in all browsers, they can be helpful to restrict certain actions the attacker might take, such as redirecting the user (replacing your page) rather than being contained in the iframe.

Thanks to Same Origin Policy, JavaScript and other plugins should stay fully contained within the iframe. Obviously there is the risk of a vulnerability in the user's setup. This is more likely in a plugin than with JavaScript. However, I believe the risk difference there is quite small when comparing iframe vs redirect as you are asking. I would say that redirect (or popup window) is ever-so-slightly safer.

Ideally, you only allow such redirection or iframing to your Partner, and not to 'any random site'. Less-tech-savvy users are more easily tricked into downloading malware from tricky malicious sites. makes an excellent comment: If you only allow a select set of sites (i.e. just partners as you say) then you are less likely to be accidentally guiding users to such

With an iframe, the browser address bar still shows your site, so if an external site asked for a password, users would think they're telling your site the password, when in reality they're telling the external site. This does not affect the Remember Password feature of the browser, but is correct that users may not realize the presence of an iframe at all.
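The two recommendations above, framing only partner sites and using the HTML5 sandbox so the frame cannot replace your page, can be combined in one server-side helper. This is an added example, not code from the original post; the partner hostnames and function names are constructed placeholders, and the matching `frame-src` policy goes slightly beyond what the text describes.

```javascript
// Added example: emit an <iframe> only for allowlisted partner origins,
// and always with a restrictive sandbox attribute.
// The origins below are constructed placeholders, not real partners.
const PARTNER_ORIGINS = new Set([
  "https://widgets.partner.example",
  "https://pay.partner.example",
]);

// Tokens granted to the framed page. Deliberately NOT granted:
//   allow-top-navigation -> the frame cannot redirect (replace) your page
//   allow-popups, allow-downloads, allow-same-origin
const SANDBOX_TOKENS = ["allow-scripts", "allow-forms"];

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return value
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Returns the iframe markup, or null when the URL is not a partner URL.
function partnerFrameHtml(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null; // not a parseable absolute URL
  }
  // Compare the parsed origin. A string-prefix check would accept
  // look-alikes such as https://widgets.partner.example.evil.example/
  if (url.protocol !== "https:" || !PARTNER_ORIGINS.has(url.origin)) return null;
  if (url.username || url.password) return null; // no userinfo tricks
  const src = escapeAttr(url.href);
  return `<iframe src="${src}" sandbox="${SANDBOX_TOKENS.join(" ")}"></iframe>`;
}

// Matching Content-Security-Policy directive, so the browser also refuses
// frames to any other origin even if markup is injected elsewhere.
function cspFrameSrc() {
  return "frame-src " + [...PARTNER_ORIGINS].join(" ");
}
```

Add `allow-same-origin` only if the partner content needs its own cookies or storage, and never for content served from your own origin, where combined with `allow-scripts` it lets the frame remove its own sandbox.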