Secure IFRAME gotcha
A simple caveat from an anonynmous JS whiz: when you create a new IFRAME element on a secure page, IE sets the default SRC to a non-secure blank page, thus popping a security alert dialog.
var el = document.createElement('iframe');Since creating IFRAMEs in IE this way is already problematic, the solution might be to insert the IFRAME with innerHTML rather than using createElement. YMMV.
3 Comments:
An other, maybe better, solution is to set a valid source before add the created dom node to any parent. This is the solution we use in qooxdoo(http://qooxdoo.sourceforge.net). Helpful and not affected by this bug for example is: "javascript:void()". So a valid code looks like the following:
var iframeNode = document.createElement("iframe");
iframeNode .src = "javascript:void()";
parentNode.appendChild(iframeNode);
This should help to omit the security dialog of the internet explorer, too.
I have been breaking my head on this one too a couple of years back. I just call a blank (but existing) html page in the iframe.
You can (should?) usually create iframes in IE using the full tag syntax. Beleive it or don't, IE will accept something along the lines of:
document.createElement("<iframe src='foo.html' ... >");
It's how I've licked the issue in the past (wrapped in a conditional for sane browsers to ignore).
Post a Comment
<< Home