IFrame

From Wikipedia, the free encyclopedia

This article is about inline frames in HTML. For I-frames in video compression, see video compression picture types.

IFrame (from "Inline Frame") is an HTML element which makes it possible to embed an HTML document inside another HTML document.

The size of the IFrame can be specified in the surrounding HTML page, so that the surrounding page can already be presented in the browser while the IFrame is still being loaded. The IFrame behaves much like an inline image and the user can scroll it out of view. On the other hand, the IFrame can contain its own scroll bar, independent of the surrounding page's scroll bar.

While regular frames are typically used to logically subdivide the content of one website, IFrames are more commonly used to insert content (for instance an advertisement) from another website into the current page.

The following is an example of an HTML document containing an IFrame:

<html>
    <body>
        The material below comes from the website http://example.com
        <iframe src="http://example.com" height="200">
            Alternative text for browsers that do not understand IFrames.
        </iframe>
    </body>
 </html>

The embedded document can be a different one without reloading the surrounding page, by using the "target" attribute of an HTML anchor or by employing JavaScript. This makes many interactive applications possible, and IFrames are therefore commonly used by Ajax applications. The main alternative to using an IFrame in these situations is editing a document's DOM tree. Sometimes invisible IFrames are also used for asynchronous communication with the server, as an alternative to XMLHttpRequest.

More recently, Mozilla Firefox, Opera and Microsoft Internet Explorer introduced contentEditable and designMode, which enables users to edit the contents of the HTML contained in an IFrame. This feature has been used to develop rich text (WYSIWYG) editors within an IFrame element like FCKeditor or TinyMCE. Popular web applications which make use of this feature include Google Docs & Spreadsheets (formerly Writely), JotSpot Live, and Windows Live Hotmail to name a few.

IFrames have been implicated in many malicious code attacks, due to a series of common vulnerabilities. This was evident in many 2007 web based threats, notably the so-called Italian Job of June, 2007.[1] An IFrame can be planted on an unsuspecting legitimate website, leading the casual viewer into an infection threat. This may happen when a site is hacked, or more easily, when a site forwards results of local searches to global search engines. On such a site, the hacker only needs to perform a search that includes a malicious IFrame; a user who clicks the search result in the global search engine will be infected.[2]

[edit] References

  1. ^ Robert McMillan (2007). 'Italian job' Web attack hits 10,000 sites. Network World, June 19 2007.
  2. ^ Jack Schofield (2008). What's an IFrame attack and why should I care? The Guardian, April 3 2008

[edit] External links