Occasionally, we get questions from customers asking if embedding CloudPano in an iFrame is safe. The answer is a resounding “yes.” iFrames are safe and standard across the web, and typically this question is asked by someone who isn’t super familiar with the internet. Still, It is a valid question so we thought we’d write a quick article.
Embedding a CloudPano tour via iFrame has the same security implications as embedding any other website via iFrame.
iFrame in general is considered a very secure way of embedding web content into another page. The way that iFrames were architected is that they allow for the embedded website to have NO access to the parent website.
There are a small handful of ways that iFrame embedded pages can behave maliciously. But this Is only in the case when the site you are embedding is a malicious site (for example, NOT CloudPano). Certain types of malicious iFrame behavior include “ClickJacking.” Clickjacking is when a user is tricked into clicking a hidden webpage embedded in an invisible iFrame. As a result, users may unintentionally download malware,
Of course, such a scenario is not a risk here.
The key thing to know about iFrames is that an embedded website can never read data from a parent website, and there are no security implications for embedding iFrames onto a page if the website being embedded is a trusted site.