0

Is it safe to embed a webpage with an external origin inside another webpage?

Users can also choose which webpages to embed, and it could be any valid webpage.

Can those webpages access my document or manipulate JavaScript, and does it have some XSS vulnerabilities?

Generally I'm interested in whether it is safe, or whether there is a way to secure it.

iConnor
CBeTJlu4ok

1 Answer

4

They cannot access your document. You cannot access their documents either.

The only 'dangers' are:

I don't recommend doing it! Especially not if users can share their own included sites.
Even if the external sites do not contain viruses, these sites are (from a user's perspective) on your site and can affect your reputation.

ComFreek
  • I can bear with popups and alerts as they appear only in the user's page, but what about viruses? A virus for my site or just a user virus? – CBeTJlu4ok Oct 26 '13 at 18:09
  • @Mpa4Hu Only a 'virus' for the users. Note that the alerts() will appear on the whole tab or window. /Connor: I've added two links. – ComFreek Oct 26 '13 at 18:10
  • **Thanks all upvoters** - I'm now a 10k rep user :-) – ComFreek Oct 26 '13 at 20:01
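
One way to limit what a user-chosen embedded page can do, including the popups and alerts raised in the comments, is shown below as an added example; it is not code from the question or the answer. The helper names, the `https://app.example` origin and the choice of sandbox tokens are assumptions made for illustration.

```javascript
// Added example with hypothetical helper names; runs in Node or a browser.
const ALLOWED_SCHEMES = new Set(["https:"]);

// Tokens deliberately left out: allow-same-origin (frame stays in an opaque
// origin), allow-top-navigation (frame cannot redirect the whole tab),
// allow-popups and allow-modals (no window.open(), alert(), confirm()).
const SANDBOX_TOKENS = ["allow-scripts", "allow-forms"];

// Defense in depth: the URL parser already percent-encodes quotes.
function escapeAttr(value) {
  return value
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Returns a normalized URL string, or null if the input must be rejected.
function validateEmbedUrl(userInput, ownOrigin) {
  let url;
  try {
    url = new URL(userInput); // no base URL, so relative input is rejected
  } catch {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null; // javascript:, data:, http:
  if (url.username || url.password) return null; // no embedded credentials
  if (url.origin === ownOrigin) return null; // policy choice: never frame our own pages
  return url.href;
}

// Builds the iframe markup for an accepted URL, or returns null.
function buildSandboxedEmbed(userInput, ownOrigin) {
  const href = validateEmbedUrl(userInput, ownOrigin);
  if (href === null) return null;
  return (
    `<iframe src="${escapeAttr(href)}"` +
    ` sandbox="${SANDBOX_TOKENS.join(" ")}"` +
    ` referrerpolicy="no-referrer" loading="lazy"></iframe>`
  );
}

// Constructed sample inputs.
const OWN = "https://app.example";
for (const input of ["https://news.example/a?b=1&c=2", "javascript:alert(1)", "https://app.example/admin"]) {
  console.log(input, "=>", buildSandboxedEmbed(input, OWN));
}
```

Without `allow-same-origin` the framed page runs in an opaque origin, so sites that depend on their own cookies or storage may not work. Some sites also refuse to be framed at all through `X-Frame-Options` or a CSP `frame-ancestors` directive.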