Hmmm
https://ry3yr.github.io/OSTR/Diarykeepers_Homepage/php.html#jsfiddleclone

Eats #data for #dinner

The #iframes don't get #cached, and I can't disable them, as they are #created #serverside with #php

Uff
Then again.
I don't exactly need to visit this one often.
#Luckily

So I'm getting the weirdest error when I embed a #YouTube video in a #bootstrap modal on #Chrome (not Safari). Did YouTube change something or perhaps chrome? I know the postMessage function is a part of #iframes as I just recently learned how to use that. The error immediately stops when you open the modal and when you close the modal the error doesn't show up either.

#YES

"#iframes are not the issue. iframes are the scapegoat. the issue is just really complex. HTTP was insecure in a specific way that prevented a certain use-case of the web and CORS fixes that in a way that happened to make iframes really complicated. iframes are a #valuable user interface #tool."

https://stackoverflow.com/questions/40866219/how-to-resolve-iframe-cross-domain-issue

#Well #Youtube #BrokenCodeAlcea

#your #frames / #iframes #really #suck and nothing should ever #overlap like that

#featurenotbug wtf ?

Lemme add a gazillion "<br>" to fix that 😔

OpenSea patches vulnerability that potentially exposed users’ identities - Cybersecurity firm Imperva found a vulnerability that could be us... - https://cointelegraph.com/news/opensea-patches-vulnerability-that-potentially-exposed-users-identities #openseaexploit #vulnerability #nftexploit #nftusers #phishing #opensea #iframes #hackers

#Flashpoint noticed a #vulnerability with #Bitwarden browser extension in the way it interacts with embedded #iframes in webpages.

The vulnerability comes down to Bitwarden's #autofill behavior as well as the default #URI matching (set by default to base domain, i.e. top-level and second-level domain matches).

They identify two attack vectors:

1) An uncompromised website embeds an external iframe (not sandboxed) that is under an attacker’s control and the ‘Auto-fill on page load’ option is enabled.

2) An attacker hosts a specially crafted web page under a subdomain of e.g. a hosting provider, which has its login form under the same base domain.

Recommended actions:

1) Make sure "Auto-fill on page load" is disabled.

2) Set "Default URI match detection" to "Host" or "Exact".

https://www.flashpoint.io/blog/bitwarden-password-pilfering/

#Bitwarden flaw can let #hackers steal #passwords using #iframes

https://www.bleepingcomputer.com/news/security/bitwarden-flaw-can-let-hackers-steal-passwords-using-iframes/

Bitwarden's credentials #autofill feature contains a risky behavior that could allow #malicious iframes embedded in trusted websites to steal people's credentials and send them to an attacker.

#passwordmanager #passwordmanagers #tech #technology #security #infosec #hack #hacking

"iFrame Resizer" #JavaScript library enables the "automatic resizing of the height and width of both same and cross domain" #iframes to fit their contained content.

http://davidjbradshaw.github.io/iframe-resizer/

HVORFOR bruger e-boks iframes i 2022???
#eboks #iframes #so90s

#iFrames - It's just a completely broken technology. And yet I am forced to fix them at work nearly very two sprints.
Why can't they just stop using/supporting it?

#LegacyCode #Work #Programming #Web