Coderwael

Website URL

(coderwael)

Error Message

(any website stored on IF servers can be inserted into <iframe>

maybe the problem is if the web page (iframe code) on another server is dynamically generated through some software and in that way hit bot protection here
it also depends on the security settings of that other server/website

but I think you should look at the settings on google
because I assume this is the server where you want that iframe

test https://www.coderwael.com/
)

Other Information

(other information and details relevant to your question)

What do you mean? Can you please be more specific about your question?

Hi Herbert,

I think there’s a bug in the forum (which might be a security vulnerability btw), making his question <iframe> become an actual embed.

His original words (based on code interpretation):

(any website stored on IF servers can be inserted into <iframe>
maybe the problem is if the web page (iframe code) on another server is dynamically generated through some software and in that way hit bot protection here
it also depends on the security settings of that other server/website
but I think you should look at the settings on google because I assume this is the server where you want that iframe test https://www.coderwael.com/)

As to answering the question, @coderwael, do you mean you have iframe issues on your website, or are you experiencing an error message, or do you want to raise awareness of this iframe issue here?

Cheers!

6 Likes

Ah, got it, thanks. It won’t be a vulnerability if the system is in a sandbox.

1 Like

Hi Herbert,

Directly rendering iframes without checking can be a vulnerability for XSS, click-jacking, or accidentally executing code on the client side under specific conditions, depending on the actual implementation mechanism.

You may read more on this here:

Cheers!

5 Likes

I’m sorry, but I don’t understand what you mean. Do you want your site to have iframes? Do you want your site to be in an iframe? Or do you want to protect your site against one or both of those things from happening?

Embedding sites hosted here into iframes generally doesn’t work because of our browser validation system. Embedding other sites into iframes should just work, assuming the target site hasn’t blocked it (and many sites do these days).

CSP should prevent that from happening I think. And this <iframe> tag was incomplete, so that might confuse the HTML sanitizer.

5 Likes
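An added example, not part of any post in this thread and not this forum's own code: one way a post renderer can keep an unclosed or truncated `<iframe>` from turning into a live embed, paired with a CSP header as a second layer. The tag allowlist, the function name `render_post`, the header policy and the sample posts are all assumptions made for illustration.

```python
import html
import re

# Hypothetical allowlist: attribute-free inline formatting tags only.
ALLOWED_TAGS = {"b", "i", "em", "strong", "code"}
# Matches only complete, attribute-free tags such as <b> or </code>.
SIMPLE_TAG = re.compile(r"<(/?)([A-Za-z][A-Za-z0-9]*)>")

# Defence in depth: even if markup slips through, the browser loads no frames.
CSP_HEADER = ("Content-Security-Policy", "frame-src 'none'; object-src 'none'")


def render_post(text: str) -> str:
    """Return HTML for a user post: allowlisted tags kept, all else escaped."""
    out, open_tags, pos = [], [], 0
    for m in SIMPLE_TAG.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        closing, name = m.group(1) == "/", m.group(2).lower()
        if name not in ALLOWED_TAGS:
            out.append(html.escape(m.group(0)))  # <iframe> becomes visible text
        elif not closing:
            open_tags.append(name)
            out.append(f"<{name}>")
        elif open_tags and open_tags[-1] == name:
            open_tags.pop()
            out.append(f"</{name}>")
        else:
            out.append(html.escape(m.group(0)))  # stray or misnested close tag
        pos = m.end()
    out.append(html.escape(text[pos:]))
    # Close anything the author left open so it cannot swallow later posts.
    out.extend(f"</{name}>" for name in reversed(open_tags))
    return "".join(out)


# Constructed sample posts, modelled on the one quoted in this thread.
SAMPLE_UNCLOSED = "(any website can be inserted into <iframe>\ntest https://example.test/)"
SAMPLE_TRUNCATED = "<b>note: <iframe src=https://example.test/"

if __name__ == "__main__":
    for sample in (SAMPLE_UNCLOSED, SAMPLE_TRUNCATED):
        print(render_post(sample))
```

Because everything that is not a complete allowlisted tag is escaped, a tag cut off before its closing `>` is shown as text instead of being handed to the browser's error-tolerant HTML parser.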

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.