Information Security Asked on November 21, 2021
In my web app I’m using a good sanitizer which lets me whitelist some specific HTML tags. I’d like to allow `<iframe>` so that users can insert YouTube videos and so on.
However I’m worried about vulnerabilities that this approach would introduce.
So not sure this is a safe idea.
Appreciate your hints about this.
"As soon as you're displaying content from another domain, you're basically trusting that domain not to serve-up malware. There's nothing wrong with iframes per se. If you control the content of the iframe, they're perfectly safe." - Shamelessly stolen from this thread.
However, your web app could be vulnerable if there is an XSS vulnerability inside the iframe content. You can mitigate this by setting the `sandbox` attribute.
Answered by maximillian1 on November 21, 2021
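One way to combine the tag whitelist from the question with the `sandbox` attribute from the answer, as an added example that is not part of the original post or of any particular sanitizer's API. The function names, the allowed hosts, the `/embed/` path pattern and the sandbox token set are assumptions chosen for illustration.

```javascript
// Added example. Hosts, path pattern and sandbox tokens are assumptions.
const ALLOWED_HOSTS = new Set(["www.youtube.com", "www.youtube-nocookie.com"]);
// allow-same-origin lets the framed page keep its own (third-party) origin;
// it does not grant it the embedding page's origin.
const SANDBOX = "allow-scripts allow-same-origin allow-presentation";

function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Returns a normalized embed URL, or null when the input must be rejected.
function safeEmbedSrc(rawSrc) {
  let url;
  try {
    url = new URL(rawSrc); // throws on relative or malformed input
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;        // no http:, javascript:, data:
  if (url.username || url.password) return null;     // no userinfo tricks
  if (url.port !== "") return null;                  // default port only
  if (!ALLOWED_HOSTS.has(url.hostname)) return null; // exact host match, no suffix match
  if (!/^\/embed\/[A-Za-z0-9_-]{1,32}$/.test(url.pathname)) return null;
  // Rebuild from parsed parts so the query string and fragment are dropped.
  return `https://${url.hostname}${url.pathname}`;
}

// userAttrs: the attributes found on a user-submitted <iframe>.
// Only src is read; srcdoc, event handlers and a user-supplied sandbox
// value are never copied to the output.
function renderIframe(userAttrs) {
  const src = safeEmbedSrc(userAttrs.src);
  if (src === null) return ""; // drop the element entirely
  return `<iframe src="${escapeAttr(src)}" sandbox="${SANDBOX}" ` +
         `referrerpolicy="no-referrer" loading="lazy"></iframe>`;
}
```

Because the output is rebuilt from a fixed template, the user never controls the `sandbox` value or any attribute other than the validated `src`.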