Hello

Looking at options of embedding the 3D Secure page inside my own Order form, I came across the following:

"Some commerce sites will devote the full browser page to the authentication rather than using a frame (not necessarily an iFrame, which is a less secure object anyway)."

from http://en.wikipedia.org/wiki/3-D_Secure

Can someone give me the lowdown as to WHY iframes are less secure, and cause problems, as opposed to normal frames? And what's the basic difference?

The way I saw it, IFrame was the way to go?

Thanks Duncan

+1  A: 

The only reasons I can think of are actually in the wiki article you referenced. To mention a couple...

"The "Verified by Visa" system has drawn some criticism, since it is hard for users to differentiate between the legitimate Verified by Visa pop-up window or inline frame, and a fraudulent phishing site".

"as of 2008, most web browsers do not provide a simple way to check the security certificate for the contents of an iframe"

If you read the Criticism section in the article it details all the potential security flaws.

Otherwise the only difference is the fact that an IFrame is an inline frame and a Frame is part of a Frameset. Which is more layout problems than anything else!

James
+3  A: 

The difference is that an iframe is able to "float" within content in a page, that is, you can create an HTML page and position an iframe within it. This allows you to have a page and place another document directly in it. A frameset allows you to split the screen into different pages (horizontally and vertically) and display different documents in each part.

Read: IFrames security summary

rahul
Doesn't look like those security issues would apply to me, as I'd be directly referencing a secure site (and one that I 100% trust) so don't see how an attacker could sabotage this?
Duncan
+2  A: 

IFrame is just an "internal frame". The reason why it can be considered less secure (than not using any kind of frame at all) is because you can include content that does not originate from your domain.

All this means is that you should trust whatever you include in an iFrame or a regular frame.

Frames and IFrames are equally secure (and insecure if you include content from an untrusted source).

Dan Herbert
You can include content that does not originate from your domain in regular frames too.
David Dorward
@David, I probably should have stated that explicitly. I guess I implied that but never really stated it. I'll update my answer to make that more clear. Thanks!
Dan Herbert
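
An added example, not part of any answer or comment above: one way for an order page to act on the "trust whatever you include" point is to pin which origin may appear in a frame or iframe. The origin `https://auth.card-issuer.example` and both function names are assumptions made for illustration.

```javascript
// Added example. The origin below is a constructed placeholder (assumption).
const ALLOWED_FRAME_ORIGINS = ["https://auth.card-issuer.example"];

// Returns the normalized origin of `url` if it may be framed, otherwise null.
function allowedFrameOrigin(url, allowed = ALLOWED_FRAME_ORIGINS) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return null; // not an absolute URL
  }
  if (parsed.protocol !== "https:") return null;       // no plain HTTP in a payment frame
  if (parsed.username || parsed.password) return null; // reject user@host look-alikes
  // Compare the whole origin (scheme + host + port), never a string prefix.
  return allowed.includes(parsed.origin) ? parsed.origin : null;
}

// Value for a Content-Security-Policy header sent with the order page: the
// browser then refuses to load any other origin in a <frame> or <iframe>.
function frameSrcPolicy(allowed = ALLOWED_FRAME_ORIGINS) {
  return `frame-src ${allowed.join(" ")}`;
}

// Constructed sample inputs.
const samples = [
  "https://auth.card-issuer.example/3ds/challenge?id=1",
  "http://auth.card-issuer.example/3ds/challenge",
  "https://auth.card-issuer.example.other-site.example/3ds",
  "https://auth.card-issuer.example@other-site.example/3ds",
];
for (const s of samples) {
  console.log(allowedFrameOrigin(s) ? "frame" : "block", s);
}
console.log("Content-Security-Policy:", frameSrcPolicy());
```

Only the first sample is accepted; the last two show why the check compares the parsed origin rather than testing whether the URL string starts with the trusted host.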
A: 

Iframes are used a lot to include complete pages. When those pages are hosted on another domain you get problems with cross-site scripting and stuff. There are ways to fix this, of course.

Frames are used to divide your page in multiple parts. Like for example a menu on the left.

Ivo
"Frames are used to divide your page in multiple parts. Like for example a menu on the left." The 90's called and want you back. You should *not* use frames for this. It was common to do that some years ago, but now you should most of the time use server-side includes and CSS to make your menu. It allows for far greater flexibility in the long run. http://www.velvetblues.com/web-development-blog/why-you-should-not-use-frames-in-your-website/ has some info on the subject.
voyager
I know :) I just wanted to explain what frames "were" used for (100 years ago ;) )
Ivo