Are any security/browser compatibility issues with posting a form to an iframe?

Question

I am building a plain IOT web interface in python with a simple HTML form. When a user would submit this form there is no need for a response. I would like to simplify and use a very old technique from the times before ajax:

<form target="hiddeniframe" method="post">
<input type="text" name="somevalue">
<input type=submit>
</form>

<iframe name="hiddeniframe" style="display:none;"></iframe>

The POST request would go into the hidden iframe. The user would see the result live from the connected device, so no need to show a response.

I would like to know if there are any security/browser compatibility issues with using this old technique?

@Liam it works, but I would like to know if there are any security/browser compatibility issues — user3314524, Feb 16 '18 at 11:35
@RacilHilan I would like to avoid re/loading a new page to the customer. if i would use JS then the solution would be similiar to your suggestion. — user3314524, Feb 16 '18 at 11:38
It does generally help if you ask the question you want answered. I've edited, this may get re-opened, it may not — Liam, Feb 16 '18 at 11:43
I don't think there are any browser compatibility issues. As for security, it depends on the rest of your code, but in general I don't think it introduces any security issues over the standard use of `form` without the `target` attribute. — Racil Hilan, Feb 16 '18 at 11:45
The rumours of the deprecation of this [are incorrect](https://stackoverflow.com/a/4828795/542251) if that's your concern. Nice to see [w3fools are still peddling none sense](https://www.w3schools.com/TAGS/att_form_target.asp) though, I thought they'd cleaned that site up — Liam, Feb 16 '18 at 11:50
@Liam Well, do you consider [W3C](http://w3c.github.io/html-reference/a.html) to be a better source? Read the note under `target`. Anyway, whether w3school or W3C, when something is deprecated in one version and then supported again in the next version, then the deprecation no longer needs to be considered. — Racil Hilan, Feb 16 '18 at 12:28
@Liam I know, and the irony is that W3C doesn't have a similar note for `
`, while w2school doesn't have it for ``, so it's the same note in different place. Now who's right and who's wrong? :) Both websites are just an easier-to-read summery of the specs, and they both contain some errors. Did you actually read the specs to confirm that any of these two websites is right or wrong? The bottom line, since it is no longer deprecated in HTML5, then who cares if it was or wasn't deprecated in HTML4? It's not even worth reading the specs for that. ;) — Racil Hilan, Feb 16 '18 at 13:05

Are any security/browser compatibility issues with posting a form to an iframe?

0 Answers0