Talk:Iframe

Using "%" percent as width/height value
Thank you for this simple and useful widget. Wanted to ask if it is possible to represent iframe width with percentage value like 'width=100%' rather than in pixels?
 * I made width and height to just escape HTML attributes instead of validated integers so now you can use percentages. Enjoy. --Sergey Chernyshev 22:17, May 20, 2011 (MDT)

Frame breakout
The <-previous & next-> links on the book pages at this site below cause a breakout from the Iframe.

What advice do I need locally or to pass on to avoid this? --FGrose 00:52, April 15, 2010 (UTC)
 * I see they call an onclick; function, so I guess need to adjust that code. --FGrose 00:59, April 15, 2010 (UTC)
 * There is no way around that - that's a limitation of iframes --Sergey Chernyshev 19:59, April 15, 2010 (UTC)

{|
 * Sugar Learners' Manual
 * Sugar Learners' Manual

Special character? in URI problem
Is there a bug with consuming special characters in the URI?

See these two inclusions: Where this works for us:

Thanks for your great work! --FGrose 16:07, April 10, 2010 (UTC)
 * It is possible that PHP has problems validating these URLs with these characters in them. Can you use encoded versions instead? --Sergey Chernyshev 17:06, April 10, 2010 (UTC)
 * In these cases, the base URI redirects to the main pages. But, that workaround won't always be available. Should this be posted to wikitech-l? --FGrose 18:43, April 10, 2010 (UTC)
 * Actually, this workaround should always work - it's part of HTTP protocol. Unfortunately, it has nothing to do with MediaWiki, but with PHP's validation so bringing it up on wikitech-l might not help much unless they already dealt with this particular problem somewhere else, e.g. in their own URL validation regex. --Sergey Chernyshev 18:58, April 10, 2010 (UTC)
 * OK. Just trying to clarify my understanding, and add to this record: In the widget element,, who's php instance is processing the validation? Notice that if you click on the 'página' tabs within the widget frames, the pages are all accessible.  --FGrose 19:20, April 10, 2010 (UTC)
 * What do you mean who's - it's Widgets extension on this page that can't validate the URL properly and inserts empty space - if you look into the source of the page, you'll see that it's  --Sergey Chernyshev 20:13, April 10, 2010 (UTC)

IFrames not working
Hello,

When I have applied the Widget:iframe page and try to use the widget on a page, all I get is a redirection to a blank page that says <iframe src=", how can I resolve this?
 * Hmm. It's hard to tell - it works fine here as you can see. Can you post a URL to the page in question? --Sergey Chernyshev 18:08, June 19, 2010 (MDT)

I also get the same thing, just trying the example iframe. Running 1.16.1 and the latest Widget extension. --404Science

Only full URLs possible?
Hello,

the widget works well if given a full URL, but it would be even more useful if it could display other Wiki elements in the Iframe. Motivation: TreeAndMenu is a nice extension that can be used to display a navigation tree in the sidebar. However, on a complex Wiki with a "deep" navigation the sidebar soon gets too narrow. I hoped that the Iframe widget could be the solution to this... Any plans to make that possible?

Prameter request: No Scroll
Thank you very much for this widget. It is simple and does the job. I have just one suggestion... for aesthetic purposes in some implementations it can be very useful if another parameter could be added like "scrol=true/false" to remove the scroll bars.
 * I don't know CSS well enough to provide a comprehensive solution - my understanding is that iframe will not display scroll-bars unless they are needed and don't want to make it easy for people to hide invisible parts. --Sergey Chernyshev 08:09, March 14, 2011 (MDT)

Security risk?
Isn't there a security risk when using the Iframe widget as with the Iframe extension? --EWT 19:42, June 13, 2011 (MDT)
 * No, it is not vulnerable like the extension you mention - it's partially why Widgets extension was created to help widget creators build secure widgets with less effort. --Sergey Chernyshev 23:44, June 13, 2011 (MDT)
 * Yes, there is a big security risk, because everyone that can edit can enter ANY valid url. A valid url doesn't mean you can trust the contents of the page behind an url. Don't be a fool and don't use this on a public wiki, not even with flagged revisions on, unless you only want to lead your sysops to a malicious web page instead of the whole userbase. Sumurai8 17:31, December 13, 2011 (AST)
 * Well, page within an iframe is not allowed to interact with the parent frame and can't do harm to the main site. There are two primary vectors for an attack there - one is bugs in browsers that circumvent the same domain policy (hopefully none in mainstream or all sites would blow up), second is pretending that content that is iframed is content from main page, e.g. rendering wiki UI and so on. I think both are reasonable risks when you actually want people to insert stuff from other sites. Limiting by domain might be a good idea, but I'm not sure how to properly implement that in a widget framework. --Sergey Chernyshev 18:35, December 23, 2011 (AST)

marginwidth attribute does not work, correct?
The marginwidth and marginheight attributes do not work with this extension, correct?

--Ali.T 09:26, December 10, 2011 (AST)
 * nothing like that is coded in, but you can add them yourself if you like. --Sergey Chernyshev 14:10, December 10, 2011 (AST)