Question

Within my app (http://www.example.com) I am running an iFrame (https://www.example.com/iframe-application).

The main page (www.example.com) only renders custom data based on cookies set by the iFrame. The iFrame has all the smarts, the JavaScript, the secure cookies, etc. The iFrame has NO text, images, etc., only JavaScript code.

Is there any risk that someone would embed the iFrame in another site and access secure cookies, login tokens, etc?


Solution

By default cookies are bound to the domain name, so in the normal case that should not be possible.

If you have an XSS vulnerability on your site, an attacker could access the cookies, so be sure to escape all input strings.

OTHER TIPS

That would be a cross-site scripting attack, and most browsers will prevent it unless the user has configured them not to.
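The protection both answers lean on is the browser's same-origin policy: a page on another site that embeds https://www.example.com/iframe-application cannot read the iframe's cookies or DOM. What the policy does not stop is the iframe's own JavaScript running, with full access to the example.com cookies, inside whatever page framed it, and that embedder can still send it messages or lay it out for clickjacking. The following is an added example, not code from the question or either answer, of what the iframe application itself can do about that: restrict who may frame it, check the origin of any postMessage it receives, set its session cookie so script cannot read it, and escape untrusted strings it renders (the escaping point from the first answer). It runs under Node.js with no dependencies; the browser APIs are simulated with plain objects. Assumptions: only the app's own origin should be allowed to embed it, and both pages are served over https (the question's main page is http://, and a Secure cookie set by the https iframe will not be sent to an http:// page at all). All names and the allowlist are hypothetical.

```javascript
// Added example (not from the original question or answers): defensive
// measures for an iframe application whose JavaScript runs with the
// site's cookies no matter which page embeds it. Node.js, no deps.

// Origins permitted to frame the application. Assumption: the app's own
// origin is the only legitimate embedder.
const ALLOWED_EMBEDDERS = new Set(['https://www.example.com']);

// Normalise an origin so "https://WWW.example.com:443/" compares equal to
// "https://www.example.com". Returns null for anything that is not an
// absolute http(s) URL, which also covers the literal "null" origin that
// sandboxed or opaque frames report.
function normalizeOrigin(value) {
  let url;
  try { url = new URL(value); } catch { return null; }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  return url.origin; // scheme://host[:port], lower-cased, default port dropped
}

function isAllowedEmbedder(origin) {
  const o = normalizeOrigin(origin);
  return o !== null && ALLOWED_EMBEDDERS.has(o);
}

// Response headers the iframe application should send. A browser that
// understands CSP frame-ancestors enforces it and ignores X-Frame-Options;
// X-Frame-Options stays for older browsers. Either one makes a third-party
// page's <iframe src="https://www.example.com/iframe-application"> refuse to load.
function frameProtectionHeaders() {
  return {
    'Content-Security-Policy': `frame-ancestors ${[...ALLOWED_EMBEDDERS].join(' ')}`,
    'X-Frame-Options': 'SAMEORIGIN',
  };
}

// Set-Cookie value for the token the iframe sets. HttpOnly keeps it out of
// document.cookie (so an XSS payload cannot read it), Secure keeps it off
// plain http://, SameSite=Lax stops most cross-site requests carrying it.
// The name/value checks are a conservative subset of RFC 6265's grammar.
function sessionCookie(name, value) {
  if (!/^[A-Za-z0-9_-]+$/.test(name)) throw new Error('bad cookie name');
  if (/[\s;,"\\]/.test(value)) throw new Error('bad cookie value');
  return `${name}=${value}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Escape a string for insertion into an HTML text or double-quoted
// attribute context. Untrusted input rendered without this is the XSS the
// first answer warns about.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Handler for window.addEventListener('message', ...) inside the iframe.
// A hostile embedder cannot read the iframe's cookies, but it can
// postMessage() into it; checking event.origin is what stops it driving
// the iframe's privileged code. `actions` maps message types to functions.
// Returns what it did so the logic can be exercised outside a browser.
function handleMessage(event, actions) {
  if (!isAllowedEmbedder(event.origin)) {
    return { ok: false, reason: `rejected message from ${event.origin}` };
  }
  const { type, payload } = event.data || {};
  if (!Object.prototype.hasOwnProperty.call(actions, type) || typeof actions[type] !== 'function') {
    return { ok: false, reason: `unknown message type ${String(type)}` };
  }
  return { ok: true, result: actions[type](payload) };
}

// Stand-alone demonstration with constructed messages.
const demoActions = { greet: who => `hello ${escapeHtml(who)}` };
console.log(frameProtectionHeaders());
console.log(handleMessage({ origin: 'https://evil.example.net', data: { type: 'greet', payload: 'x' } }, demoActions));
console.log(handleMessage({ origin: 'https://www.example.com', data: { type: 'greet', payload: '<b>bob</b>' } }, demoActions));
```

Note that the origin check compares scheme as well as host: with the allowlist above, a message from http://www.example.com is rejected, which is another reason to serve the main page over https as assumed.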

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow