(any website stored on IF servers can be inserted into <iframe>
maybe the problem is if the web page (iframe code) on another server is dynamically generated through some software and in that way hit bot protection here
it also depends on the security settings of that other server/website
but I think you should look at the settings on google
because I assume this is the server where you want that iframe
test httpa://www.coderwael.com/
)
Other Information
(other information and details relevant to your question)
I think there’s a bug in the forum (which might be a security vulnerability btw), making his question <iframe> become an actual embed.
His original words (based on code interpretation):
(any website stored on IF servers can be inserted into <iframe>
maybe the problem is if the web page (iframe code) on another server is dynamically generated through some software and in that way hit bot protection here
it also depends on the security settings of that other server/website
but I think you should look at the settings on google because I assume this is the server where you want that iframe test https://www.coderwael.com/)
As to answering the question, @coderwael do you mean you have iframe issues on your website or are you experiencing an error message or do you want to raise awareness to this iframe issue here?
Directly rendering iframes without checking can be a vulnerability for XSS, click-jacking, or accidentally executing code on the client side under specific conditions, depending on the actual implementation mechanism.
I’m sorry, but I don’t understand what you mean. Do you want your site to have iframes? Do you want your site to be in an iframe? Or do you want to protect your site against one or both of those things from happening?
Embedding sites hosted here into iframes generally doesn’t work because of our browser validation system. Embedding other sites into inframes should just work, assuming the target site haven’t blocked it (and many sites do these days).
CSP should prevent that from happening I think. And this <iframe> tag was incomplete, so that might confuse the HTML sanitizer.