

Show some love for iframes - waltz

Why is it that a lot of them websites have the x-frame-options to deny access from another url?<p>This stops the possibility of making iframe based browsers.<p>What do you have to lose by allowing iframes to your site?
======
gregorkas
You could load gmail or facebook or any other site in an iframe and tell the
user to login, but you would intercept his credentials with javascript.

~~~
gcb0
How exactly do you use javascript cross domain like that? i'd love to know.

~~~
gregorkas
You don't. You register a key press event listener on the main page and when
the user types into the iframe, you can catch the strokes.

Example: <http://www.jayssite.com/misc/iframesample.html> (not my site, I
googled it)

~~~
gcb0
i don't think this example is cross-domain...

