Widget talk:Iframe

There is a Extension called Website in iFrame.

It has a security warning. Is there also a security problem by using this widget?

WARNING: the code or configuration described here poses a major security risk.

Problem: Vulnerable to Cross-site scripting attacks, because it passes user input directly to the browser. This may lead to user accounts being hijacked, among other things. Solution: strictly validate user input and/or apply escaping to all characters that have a special meaning in HTML


 * No, we paid attention to this and only valid URLs are allowed as parameters. --Sergey Chernyshev 07:02, November 22, 2010 (MST)

Blank page problem
I have been using this widget on a Centos 5 hosted installation for about 6 months now with no issues. The server was running MySQL V5.2x and php v5.2.x (ie non-standard for Centos 5). I recently tried upgrading to the latest available MySQL and php releases from the 3rd party repository I have used without issues for 12 months or so. The upgrade 'broke' the server and I was forced to revert to the standard Centos MySQL and php (5.077 and 5.1.6) release to get it working again. This had the unfortunate effect of causing this widget to return blank pages. I have tried the following, all to no avail:
 * 1) I use SMW and because the the Centos standard (5.1) php release does not have advanced date handling, I thought that might be the problem and tried creating an iframe with no dates on the page. It had no effect. The system returns a blank page even if I only include a url.
 * 2) I tried using an iframe without SMW - still no joy

This is a cracking piece of software and, with a couple of hundred pages already using it I really would like to get it working again. You can see an example of sysem behaviour at: https://wikispooks.com/wiki/Document:Blood_Diamond

The blank page is returned almost instantaneously whereas most pages take at least a few seconds to load - which may be a clue.

Any pointers much appreciated --Sabretache 12:42, October 24, 2011 (AST)
 * I don't think I can give you a good generic answer. You should probably look in your log files and ask questions on SMW mailing list. --Sergey Chernyshev 13:00, October 24, 2011 (AST)


 * Thanks for quick response Sergey. Haven't found anything relevant in any of the server logs yet. Problematical since there is no error returned too. I'll post here if and when I find a solution.