939

submitted 1 year ago by rcmaehl@lemmy.world to c/programmer_humor@programming.dev

144 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] aloso@programming.dev 13 points 1 year ago

They still have their place; for example to embed Google Maps or a YouTube video. Generally, whenever you want to embed something from a different website you have no control over, that shouldn't inherit your style sheets, and should be sandboxed to prevent cross site scripting attacks.

[-] emidio@lemmy.blahaj.zone 3 points 1 year ago

Are iframes really sandboxed in different processes than the main frame? On which browsers?

[-] aloso@programming.dev 12 points 1 year ago* (last edited 1 year ago)

Iframes cannot access the main frame's DOM if the iframe is from a different origin than the main frame, and they never share the same JavaScript execution context, so an iframe can't access the main frame's variables etc.

It's not required that iframes run in a different process, but I think they do at least in Chrome and Firefox if they're from a different origin. Also, iframes with the sandbox attribute have a number of additional restrictions, which can be individually disabled when needed.

this post was submitted on 28 Jul 2023

939 points (96.3% liked)

Programmer Humor

18872 readers

861 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 1 year ago

MODERATORS

Feyter@programming.dev

Vacant@programming.dev

anzo@programming.dev

BurningTurtle@programming.dev