开发者

Disadvantages of hidden iFrames in file upload

I'm uploading a file to my server by setting my form target to an invisible iFrame on the page. The iFrame is created and dropped(by setting a timeout) in the upload button click handler itself.

Is there any reason why I shouldn't use an iFrame? I ask coz I've heard only bad things about iFrames. I love the way i开发者_如何学Got makes the whole upload process look by not reloading the page.

So is there any security issues i should be worried about?

Thanks,

Abhishek


IFrames are used for XSS (Cross Site Scripting) attacks.

See:

http://www.computeruser.com/tutorials/iframe-injection-attack-is-most-common-and-most-basic-cross-site-scripting-xss-attacks.html

https://www.owasp.org/index.php/Cross_Frame_Scripting

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜