기본모드가 아닌 html 모드로 작성하며, 더나은 작성요령을 위해서 연습을 해보았습니다.
<iframe>,<embed>,<object> elements
<iframe>s are for embedding other web pages, and the other two allow you to embed PDFs, SVG, and even Flash - a technology that is on the way out, but which you' still see semi-regulary
Active learning: classic embeding uses
example:
Iframes in detail
<ifame> elements are desined to allow you to emed other web documents into th current document. this is great for incorporating third-parth content into your website that you might not have direct control over and don.t wnat to have to implement.
- allowfullscreen
- fullscreen mode using the FUll Screen api
- frmeborder
- set 1 , this tells the browser to draw a border between this frame and other frames, which is the default behaviour 0 remves border
- src
- contains a path pointing to the url
- Fallback Content
- you can included fallback content between the opening and close iframe tags that will appear if the browser doesn't support the iframe. In this case, we have includeded a link to the page instead
Security concerns
Only embed when necessary
"Sometimes it makes sense to embed third-party content -like youtube video and maps - but you can save yourself a lot og headaches if you only embed third-party content when completely necessary." "you can never be too catuious. if you made it, double-check it anyway. if someone else made it, ssume its' dangerous until proven otherwise"
Use https
https is the encrypted version of http. you should serve you website using https whenever possible:
- Https reduces the chances that remote content has been tampered with in transit,
- Https prevents emveded content form accessing content in your parent documents, and vice versa
Always use the snedbox attributes
unsnadboxed content can do way to much By default, you shoulkd imposes all available restiction by using the sandbox attribute with no parameters, as shown in our previous example