Forum Discussion

Advisor

11 years ago

Passing parameters to an iFrame

Ok more than a little pleased with myself, since I am not a coder it was pretty cool when I saw this work. The problem I had was that I had a form (using Eloqua but could be any form) posted in a...

nathan

Executive

11 years ago

It's a clever solution. As Paolo said, there is a risk of XSS due to the lack of filtering on the URL. OWASP are a pretty good resource if you want to know more about this kind of thing:

https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

A couple of suggestions:

* You could wrap the JavaScript in some FreeMarker so that it only appears on the pages you want.

* If the user is logged in, you can retrieve the email address and other user info from FreeMarker, avoiding the need to extract it from the URL.

* It's probably OTT for what you need, but you could look at encrypting the user's email address in the URL to avoid potential abuse.

Forum Discussion

Passing parameters to an iFrame

Related Content

Passing multiple parameters to the endpoint from Component

Passing parameter from custom component to an endpoint

How to pass user defined parameters to text key?

Can I cache a component based on parameter ?

Pass parameter to custom content component in community

Recent Discussions

liqlAdmin in khoros aurora graphql API

Join node/group 301 API error

How do I get the article ID in Freemarker in a TkbArticle?

How to retrieve "Internal reason for ban" field

Tips on keeping stage and prod in alignment?