tags:

views:

206

answers:

2
Q: 

Display Documents in an IFrame

A colleague set up an intranet application where the users can upload documents. These documents are displayed afterwards in an IFRAME using <IFRAME src="document.doc"></IFRAME> - of course this only works in IE. While this works with some users, others (including myself) do not see the document, but rather a download dialogue allowing them to download the document.

I vaguely remember that there was a recent security issue with displaying MS Office documents in IFRAMES, but could not find any information whether there was a security update blocking this. Anyone here who has a clue?

I am not looking for alternatives for the IFrame, I just want to know why some users are displayed the download box while other users see the inline document.

A: 

You might consider an RTE like CKEditor. It allows the user to cut-and-paste from Word (I assume you are primarily concerned with Word docs given your problem description) and then to view and edit. CKEditor claims to be "compatible with all major browsers."

Upper Stage  2009-12-08 16:53:56
+1  A: 

If you get a download dialogue instead of displaying the document inline in an iframe, then:

  1. you probably haven't installed the Office Web Components. You can change the components Office has installed from its Add/Remove Programs entry in the Control Panel. But,

  2. DON'T. There have been endless security holes in OWC. Installing a plugin means a great deal of new net-facing code and subsequently a great potential for exploitable bugs, especially in software that wasn't originally intended to be net-facing like Office.

Install the absolute minimum number of plugins you can get away with (these days usually just Flash). Don't install every plugin an application offers you, don't install a PDF plugin, and definitely don't install a load of plugins for Office documents.

Is viewing an Office document in a little annoying scrolly box tucked into a web page really compelling enough to justify the risk? I suggest that no, it's in fact much much less usable than just downloading the document to the desktop and opening it in a proper document editor/viewer.

bobince  2009-12-08 18:18:06
OWC was the key word, thank you.
Alexander Reifinger  2009-12-09 09:11:44

related questions

Prevent Use of the Back Button (in IE)
How to stop IIS asking authentication for default website on localhost
Why do I cannot jQuery my page under Internet Explorer
How To Write a Plug-In for IE
Firefox vs. IE: innerHTML handling
Detect DOM modification in Internet Explorer
Good reasons for not letting the browser launch local applications
Printing DOM Changes
IE6 security login (debugging via VirtualPC)
What is your best tool or techniques for getting the same display on IE6/7 and Firefox?
IE 7+ Favorites
IE Securty Zone Issues
JavaScript Profiler in IE
IE6 - can't load a normal JPG
Opening Explorer shell with admin priveleges on XP (with IE7 installed)
Should we support IE6 anymore?
How do I add a pre tag inside a code tag with jQuery?
How can I get Unicode characters to display properly for the tooltip for the IMG ALT in IE7?
Weird event behavior in IE7
Firebug for IE
Debugging Javascript in Internet Explorer and Safari
IE6: To support or not to support.
Tabbed file browsing in Windows
Debugging: IE6 + SSL + AJAX + post form = 404 error
Javascript troubleshooting tools in IE