Saturday, May 21, 2005

Secure IFRAME gotcha

A simple caveat from an anonynmous JS whiz: when you create a new IFRAME element on a secure page, IE sets the default SRC to a non-secure blank page, thus popping a security alert dialog.

var el = document.createElement('iframe');

Since creating IFRAMEs in IE this way is already problematic, the solution might be to insert the IFRAME with innerHTML rather than using createElement. YMMV.

1 Comments:

At 4:41 AM, Blogger JayJay said...

I have been breaking my head on this one too a couple of years back. I just call a blank (but existing) html page in the iframe.

 

Post a Comment

<< Home