InsideDarkWeb.com

What are the security risks of allowing users to add iframes?

In my web app I’m using a good sanitizer which lets me whitelist some specific HTML tags.
I’d like to allow <iframe> so that users can insert YouTube videos and so on.
However I’m worried about vulnerabilities that this approach would introduce.
So I’m not sure this is a safe idea.
Appreciate your hints about this.

Information Security Asked on November 21, 2021

One Answer

"As soon as you're displaying content from another domain, you're basically trusting that domain not to serve-up malware. There's nothing wrong with iframes per se. If you control the content of the iframe, they're perfectly safe." - Shamelessly stolen from this thread.

However, your web app could be vulnerable if there is an XSS vulnerability inside the iframe content. You can mitigate this by setting the sandbox attribute.

Answered by maximillian1 on November 21, 2021
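One way to apply the sandbox advice from the answer above, shown as an added example that is not part of the original thread: instead of passing a user-written <iframe> through the sanitizer, accept only a URL and have the server emit the tag itself with a fixed sandbox value. The host allowlist, the /embed/ path rule, the sandbox token set and the function names are assumptions chosen for illustration.

```javascript
// Added example. ALLOWED_HOSTS, SANDBOX and the /embed/ path rule are
// assumptions for illustration; adjust them to the providers you embed.
const ALLOWED_HOSTS = new Set(["www.youtube.com", "www.youtube-nocookie.com"]);

// Assumed minimum for a cross-origin video player. allow-same-origin here
// refers to the framed site's own origin, not yours. Never combine
// allow-scripts with allow-same-origin for content served from your own
// origin: the framed page could then remove its own sandbox.
const SANDBOX = "allow-scripts allow-same-origin allow-presentation";

function escapeAttr(value) {
  return value
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Returns a hardened <iframe> string, or null when the URL is rejected.
function buildSafeIframe(userSrc) {
  let url;
  try {
    url = new URL(userSrc);
  } catch {
    return null; // not an absolute URL
  }
  if (url.protocol !== "https:") return null;          // no http:, data:, javascript:
  if (url.username || url.password) return null;       // no user@host confusion
  if (url.port !== "") return null;                    // default port only
  if (!ALLOWED_HOSTS.has(url.hostname)) return null;   // exact host match
  if (!/^\/embed\/[A-Za-z0-9_-]+$/.test(url.pathname)) return null;

  // Rebuild src from the validated parts; query and fragment are dropped.
  const src = `https://${url.hostname}${url.pathname}`;
  // Only src and sandbox are emitted, so user-supplied attributes such as
  // srcdoc, event handlers or allow= never reach the page.
  return `<iframe src="${escapeAttr(src)}" sandbox="${SANDBOX}"></iframe>`;
}
```

Sending a Content-Security-Policy header with a frame-src directive listing the same hosts gives a second check in the browser if a tag ever bypasses this function.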
