Does your plugin help an iframe be more secure?

  • Resolved kristinubute

    (@kristinubute)


    3 years ago

    Hi, My client new website is being designed in WordPress for an accommodation site. They are using an external party for bookings, but they have provided us with a link to use on the website for bookings.

    We don’t want the LINK for bookings to be redirected OFF to the other website for bookings, away from the client website. He doesn’t want that.

    So therefore I thought of using an i-frame instead, but have been told that i-frames are NOT secure in WordPress and NOT to use them in Worpdress.

    Then I came across your plugin, thinking maybe this way we can show the bookings on the website via your plugin iframe, but I am NOT sure how this will work and possibly be more secure using your plugin because that is the purpose of your plugin?

    As an iframe code uses the actual LINK in the iframe coding to embed that link into the site from another website.

    HOW can we keep that LINK secure OR hidden, so that it is not compromised and not having the security risks in an iframe general code as such?

    We would still love to be able to use an iframe but with your plugin and reducing risks that general iframe code has.

    Example.

    Client test website: testmotel.com.au

    External 3rd party booking link system (TEST) is https://3rdpartybooking.com/Search/

    Iframe code to use in WordPress website:

    <iframe sr”https://3rdpartybooking.com/Search/&#8221; width=”100%” height=”900px” ></iframe>

    As the 3rd party link that we are wanting to integrate within the iframe, allows bookings for acommodation to be done, choosing booking dates etc from this particular link, and if iframe is NOT secure, I assume your plugin helps with ways to help keep it more secure and doing it differently?

    I’m assuming your plugin allows us to somehow do the code for iframe differently and to help minimising the risks and hiding the actual external code within the iframe that is inserted from the actual link .

    If you could advise quickly would be great, as I’m meeting the client and would like to have the option of showing with your plugin.

    What is the difference between your free and Paid plugins? What other features are available>?

    Hopefully I am making sense with my question.

    Thanks

    Kristin

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter kristinubute

    (@kristinubute)

    3 years ago

    Hello again. I’ve just installed it and tested it out.

    So I can see that your code omits the iframe code which I assume for security reason which is great.

    [advanced_iframe use_shortcode_attributes_only=”true” src=”//www.tinywebgallery.com/blog/advanced-iframe” width=”100%” height=”2000″]

    So therefore I have added this into my client TEST SITE, and changed height to 2000.

    And the customer can then check dates of availability no issues, and scrolling down as I’ve made the frame 2000 height.

    My question is, can I somehow have the top section (header) to stay and the rest scroll by any chance?

    The 3rd party link has the Cart button on the very top section of the header area, so when I scroll with iframe, I cannot see it.

    Is there some code we can implement, to say maybe 1cm of iframe stays and does NOT move where rest has the scroll button to keep scrolling down?

    Is that an option by any chance? I hope so, as I need that top area to show (only need 1cm) section that doesn’t scroll of the iframe, then rest scrolls.

    Thanks

    Kristin

    Thread Starter kristinubute

    (@kristinubute)

    3 years ago

    Hi,

    Here is an example of a site using iframe, where top section of iframe stays the same, and rest scrolls down. Not sure how I can achieve that?

    Hoping we can add some code to the shortcode area to achieve this ?

    This is an example site.

    https://www.airport-motel.com.au/check-availability/

    Thanks

    Kristin

    Plugin Author mdempfle

    (@mdempfle)

    3 years ago

    Hi,

    to your questions. Who told you an iframe is insecure? I do implement payment provider in an online shop and most of them use iframes so credit card information is handled in a secure way.

    So an iframe is simply one page in another page. The only “spooky” is that users do not see the url of the iframe page directly.

    The difference is https://www.tinywebgallery.com/blog/advanced-iframe/advanced-iframe-comparison-chart – and many more features not even listed here. See some demos here: https://www.tinywebgallery.com/blog/advanced-iframe/advanced-iframe-pro-demo

    About your scrolling. If you like something like that you need to code this. Sticky headers have nothing to do with the iframe itself. You simply have to code them.

    Also please check if the add to cart button is working. Cookies in iframes need certain parameters to work. And carts very often use cookies.

    Best regards,

    Michael

    Thread Starter kristinubute

    (@kristinubute)

    3 years ago

    Hi, Thanks for your reply.

    Yes I understand the Iframe is used to add the content from another website inside the iframe so it doesn’t redirect to another site.

    It was the software people (accommodation booking software people) who told me NOT to implement the code into a iframe. They said iframes are not secure.

    They said if we link the content of the Booking System inside the iframe for acommmodation bookings, that when it redirects to the payment gateway, it may be insecure because of the iframe vulnerabilities.

    I don;t know WHY they would think that. The old way of doing iframes had issues from memory years ago.

    I didn’t think they were correct. Therefore that is WHY I reached out to you and your plugin to investigate further as I really need an iframe working.

    The ADD to Cart is functioning no issues in the iframe from the other booking system.

    The main issue I am having using an iframe is the height of it. The actual height of the iframe only seems to be about 1000px .. I try to code it to be 2000px , but still stays the same, and therefore has the scroll button on right side of iframe. It gets too squishy therefore I need the iframe to be at least 2500px height.

    The other issue I am having, is that there is a popup in the iframe that needs to be displayed, and displays under the viewing of the page where you cannot see the popup. I cannot seem to move things.

    If you could advise HOW I could achieve that would be great.

    Thanks Kristin

    Plugin Author mdempfle

    (@mdempfle)

    3 years ago

    About the height. Auto height is only possible on the same domain or by adding Javascript to the remote page. see: http://www.tinywebgallery.com/blog/advanced-iframe-resize-to-content-summary for details.

    The popup is more a problem. if this is not displayed properly there wi very little you can do except to ask the owner of the page to make the popup working correctly in an iframe.

    Best regards, Michael

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Does your plugin help an iframe be more secure?’ is closed to new replies.

Tags

  • 6 replies
  • 2 participants
  • Last reply from: mdempfle
  • Last activity: 3 years ago
  • Status: resolved