Skip to main content

`<iframe>` ↔ Inline Frame Inline Element to embed another HTML page into Web Page

Source: <iframe>: The Inline Frame element - HTML: HyperText Markup Language | MDN

`sandbox`

Attribute to restrict access to <iframe\> vs Browsing Context

`src`

Attribute to set URL of Web Page to embed URL

`srcDoc`

Attribute to load HTML static markup as String into <iframe\>

to manipulate iframe DOM

document.querySelector("iframe").contentWindow

indirect comms with ael

References

srcDoc ↔ Attribute to load HTML static markup as String into <iframe\>
sandbox ↔ Attribute to restrict access to <iframe\> vs Browsing Context
"" ↔ to block access across <iframe\>
ClickJack ↔ exploit to trick user to click for unintended action via invisible <iframe\> - common tactic for abusing ads
"allow-scripts" ↔ to allow <iframe\> to execute JS

sandbox
src
srcDoc
to manipulate iframe DOM
References