Disadvantages of hidden iFrames in file upload
I'm uploading a file to my server by setting my form target to an invisible iFrame on the page. The iFrame is created and dropped (by setting a timeout) in the upload button click handler itself.
Is there any reason why I shouldn't use an iFrame? I ask because I've heard only bad things about iFrames. I love the way it makes the whole upload process look by not reloading the page.
So are there any security issues I should be worried about?
Thanks,
Abhishek
IFrames are used for XSS (Cross Site Scripting) attacks.
See:
http://www.computeruser.com/tutorials/iframe-injection-attack-is-most-common-and-most-basic-cross-site-scripting-xss-attacks.html
https://www.owasp.org/index.php/Cross_Frame_Scripting
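Added example (not part of the question or the answer above): with a form targeted at a hidden iframe, the browser renders the server's reply as a document inside that iframe, so the reply is where markup injection has to be prevented. The sketch contrasts a reply that echoes the file name as HTML with a hardened one. The function names and the JSON shape are assumptions made for illustration.

```javascript
// Weak: the reply is HTML and the user-controlled file name is echoed
// unencoded, so markup in the name is rendered inside the iframe.
function weakReply(fileName) {
  return {
    headers: { "Content-Type": "text/html; charset=utf-8" },
    body: "<html><body>Uploaded " + fileName + "</body></html>",
  };
}

// Hardened: JSON served as plain text, content sniffing disabled, and only
// same-origin pages may frame the reply.
function hardenedReply(fileName) {
  return {
    headers: {
      "Content-Type": "text/plain; charset=utf-8",
      "X-Content-Type-Options": "nosniff",
      "X-Frame-Options": "SAMEORIGIN",
      "Content-Security-Policy": "frame-ancestors 'self'",
    },
    body: JSON.stringify({ ok: true, fileName: String(fileName) }),
  };
}

// Parent page: read the iframe body as text (for example
// iframe.contentDocument.body.textContent), parse it as JSON and check its
// shape. Show the name with textContent, never innerHTML.
function parseIframeReply(text) {
  let data;
  try {
    data = JSON.parse(text);
  } catch (e) {
    return { ok: false, error: "reply was not JSON" };
  }
  if (data === null || typeof data !== "object" ||
      data.ok !== true || typeof data.fileName !== "string") {
    return { ok: false, error: "unexpected reply shape" };
  }
  return { ok: true, fileName: data.fileName };
}

// Constructed sample input: a file name carrying markup.
const sampleName = "<script>alert(1)</script>.png";
```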