IFrame

From Wikipedia, the free encyclopedia

IFrame (from inline frame) is an HTML element which makes it possible to embed another HTML document inside the main document.

The size of the IFrame is specified in the surrounding HTML page, so that the surrounding page can already be presented in the browser while the IFrame is still being loaded. The IFrame behaves much like an inline image and the user can scroll it out of view. On the other hand, the IFrame can contain its own scroll bar, independent of the surrounding page's scroll bar.

While regular frames are typically used to logically subdivide the content of one website, IFrames are more commonly used to insert content (for instance an advertisement) from another website into the current page.

The following is an example of an HTML document containing an IFrame:


<html>
 
 <body>
  The material below comes from the website http://example.com:
  <iframe src="http://example.com"
   height="100" width="200" frameborder="0" scrolling="no">
   Alternative text for browsers that do not understand IFrames.
  </iframe>
 </body>
</html>

The embedded document can be a different one without reloading the surrounding page, by using the "target" attribute of an HTML anchor or by employing JavaScript. This makes many interactive applications possible, and IFrames are therefore commonly used by Ajax applications (this is a combination of Asynchronous Javascript and XML languages). The main alternative to using an IFrame in these situations is editing a document's DOM tree. Sometimes invisible IFrames are also used for asynchronous communication with the server, as an alternative to XMLHttpRequest.

More recently, Mozilla Firefox, Opera and Microsoft Internet Explorer introduced contentEditable and designMode, which enables users to edit the contents of the HTML contained in an IFrame. This feature has been used to develop rich text (WYSIWYG) editors within an IFrame element like FCKeditor or TinyMCE. Popular web applications which make use of this feature include Google Docs & Spreadsheets (formerly Writely), JotSpot Live, and Windows Live Hotmail to name a few.

Iframes have been implicated in many malicious code attacks, due to a series of common vulnerabilities. This was evident in many 2007 web based threats, notably the so-called 'Italian Job' of June, 2007. An IFrame can be planted on an unsuspecting legitimate website, leading the casual viewer into an infection threat.