Saturday, May 21, 2005

Secure IFRAME gotcha

A simple caveat from an anonynmous JS whiz: when you create a new IFRAME element on a secure page, IE sets the default SRC to a non-secure blank page, thus popping a security alert dialog.

var el = document.createElement('iframe');

Since creating IFRAMEs in IE this way is already problematic, the solution might be to insert the IFRAME with innerHTML rather than using createElement. YMMV.

6 Comments:

At 11:38 AM, Blogger wpbasti said...

An other, maybe better, solution is to set a valid source before add the created dom node to any parent. This is the solution we use in qooxdoo(http://qooxdoo.sourceforge.net). Helpful and not affected by this bug for example is: "javascript:void()". So a valid code looks like the following:

var iframeNode = document.createElement("iframe");
iframeNode .src = "javascript:void()";
parentNode.appendChild(iframeNode);

This should help to omit the security dialog of the internet explorer, too.

 
At 4:41 AM, Blogger halans said...

I have been breaking my head on this one too a couple of years back. I just call a blank (but existing) html page in the iframe.

 
At 2:25 PM, Blogger alex said...

You can (should?) usually create iframes in IE using the full tag syntax. Beleive it or don't, IE will accept something along the lines of:

document.createElement("<iframe src='foo.html' ... >");

It's how I've licked the issue in the past (wrapped in a conditional for sane browsers to ignore).

 
At 8:01 PM, Blogger Freddies Blog said...

Last month I made $12,124 with Google Adsense... Click
here for free information on how you can do the same!

 
At 6:12 AM, Blogger Mizambar 6294 said...

Last month, I earned $12,124 from Google Adsense, click here for free information to find out how you can do the same

 
At 1:56 PM, Blogger Freddies Blog said...

Last month, I earned $12,124 from Google Adsense, click here for free information to find out how you can do the same

 

Post a Comment

<< Home