Forum Discussion

Advisor

12 years ago

Passing parameters to an iFrame

Ok more than a little pleased with myself, since I am not a coder it was pretty cool when I saw this work. The problem I had was that I had a form (using Eloqua but could be any form) posted in a...

nathan

Executive

12 years ago

It's a clever solution. As Paolo said, there is a risk of XSS due to the lack of filtering on the URL. OWASP are a pretty good resource if you want to know more about this kind of thing:

https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

A couple of suggestions:

* You could wrap the JavaScript in some FreeMarker so that it only appears on the pages you want.

* If the user is logged in, you can retrieve the email address and other user info from FreeMarker, avoiding the need to extract it from the URL.

* It's probably OTT for what you need, but you could look at encrypting the user's email address in the URL to avoid potential abuse.

Forum Discussion

Passing parameters to an iFrame

Related Content

Passing multiple parameters to the endpoint from Component

Passing parameter from custom component to an endpoint

How to pass user defined parameters to text key?

Can I cache a component based on parameter ?

iframe not being displayed

Recent Discussions

Need Help Finding Khoros API for Usage Data

Where are the Dev Docs?

View logged out text keys?

How to include cover image editor for forums post page

Can someone walk me through authenticating and using Postman with Aurora?