Social Media sites preventing other sites displaying their pages in an iFrame

Question

Last week at work we noticed that if you try and display a YouTube page in an iFrame you are shown a page stating that this is not allowed. A link is shown that takes you direct to the page. We looked at other social media sites, both Facebook and Twitter also do this.

I have two questions. One how is this done? My guess is it's a check something like:

if(window != top){
  // display 'error' page
}

The other question is why is this done? My first thoughts were maybe it was to do with security but the more I've thought about it, the more I think it's a legal thing or a marketing decision.

score 2 · Accepted Answer · answered Aug 03 '11 at 09:29

Websites don't want other websites stealing their content. I remember implementing something like this as far back as in the nineties. You pretty much answered your own question. However, it is also a security issue. At least with Twitter, there used to be some malicious sites, which would do the following:

Make some bs website with something about tweeting or posting something, showing some kind of form.
Include an iframe pointing to http://twitter.com/share?text=SPAM_TEXT_HERE
Position that iframe into a place where a button for the bs site's form would be.
Scroll the iframe so that only the "Tweet" button shows from the iframe.

This way they would get people tweeting their spammy tweets.

I thought I had a few reasonable guesses, but it's good to get some definite reasons. Cheers. — Daniel Hollinrake, Aug 03 '11 at 09:54

score 1 · Answer 2 · answered Nov 05 '12 at 23:11

the problem is in youtube policies, I give you the official answer by youtube's David Boyle and the correct embed options on api' s page https://developers.google.com/youtube/player_parameters?hl=it

Hello YouTube API Developers,

This Wednesday, January 12, the YouTube.com web team will be implementing a change to prevent websites from including the www.youtube.com website on their pages via an <iframe> (or <frame>). Following this change, an <iframe> pointing to www.youtube.com will cease to display the YouTube web site, and instead will display a blank page.

While this change isn’t directly related to the YouTube API, we did want to announce this change in advance on the off-chance any YouTube API developers out there do include www.youtube.com on their site’s pages via frames. We also wanted to make clear that this change is not meant to affect the official <iframe> YouTube video embed API

(described at http://apiblog.youtube.com/2010/07/new-way-to-embed-youtube-videos.html),

which should remain fully operational. It is only intended to affect non-embed API usage.

If you’ve been including www.youtube.com on your pages because you were not sure how else to embed videos, this YouTube Help article details the official methods of embedding:

http://www.google.com/support/youtube/bin/answer.py?hl=en&answer=171780

Best Mario

Hi Mario. Thanks for replying but this doesn't tell me why they chose to implement it, only that they did implement it. — Daniel Hollinrake, Nov 06 '12 at 10:12
That said it does give extra info and advice with regards to YouTube so I've voted you up. I can see how it might help someone else. Thank you. — Daniel Hollinrake, Nov 08 '12 at 15:09

score 0 · Answer 3 · answered May 19 '23 at 11:28

How to Embed iFrame Code in Your WordPress Site (Manually and Using a Plugin) Leave a Comment / guides / By qmk Have you heard about inline frames (iFrames) lately and how they can help you share content on your website? If you run a blog or produce any web content, there are times when you probably want to share other people's content. more details click here

iFrames make it possible to do this efficiently and securely.

Using iFrames, you'll be able to display things like videos and images without hosting them on your website.

In this post, we'll provide an overview of what iFrames are, what they do, and how to use them in WordPress.

Then, we'll show you how to embed them manually and use plugins. Table of contents

Using iFrames in WordPress What are iFrames? Things to know before you start using iFrames How to Use iFrames in WordPress (3 Ways)

Embed the iFrame using the embed code
Use a text editor
Add an iFrame using a plugin You're ready to start using iFrames in WordPress!

Using iFrames in WordPress You might wonder why you need to use iFrames to embed content when there are other ways.

On the one hand, you can simply copy and paste content into your website, right? Or for videos, just download and upload them to your post, page or media library?

While these methods work, they are not desirable. First, copying and pasting other people's content may violate copyright laws.

The second reason you shouldn't upload things like videos is that these files take up a lot of disk space and bandwidth, and can slow down your site.

Using iFrames will avoid both of these problems.

Social Media sites preventing other sites displaying their pages in an iFrame

3 Answers3

Linked