Javascript Widget versues iFrame? Security issues?

I have a quick question. I want to create a small Scheduler widget to put on my clients websites. So if I need to make a global change to the form, I would just have to do it once.

The form will have to be unique to the website because I need to know which e-mail address to send the form to once it is submitted.

I was thinking of an iFrame I could use like this:

<iframe src="http://www.domain.com/scheduler/shop-name/"></iframe>

But I don't think that would be the best method, and I wouldn't want someone directly going to that URL.

Another option is something like this:

<script type="text/javascript">
shop_id = '114000300';
</script>
<script src="http://www.domain.com/js.widget" type="text/javascript"></script>

I'm not too sure how to execute that option yet, I'm not that experienced with Javascript but what do you guys think? What are the pros and cons of the iFrame vs Javascript?

Just wondering what the best option is, and if anyone has some tips on how to get started and any security issues I need to look out for.

Thanks!

Answers:

Answer

An <iframe>

  • Cannot communicate its size to the parent window without additional work, which limits resizing.
  • Provides better isolation, as you cannot access anything on the parent page. This may be a plus from your customer's perspective.
  • Could be written in pure HTML, no Javascript experience necessarily required.
  • Has its own independent CSS styles.
  • Works for users who have scripting disabled.

A script

  • Allows you full access to the parent page
  • Will slow page load, as the browser will load your script before rendering the rest of the page. (At least as you have shown there, there are ways around this.)
  • Obviously requires some experience with Javascript.
  • Must share styles with the parent page. This could cause compatibility problems if your client's page uses broad-scoped style rules, such as rules for * or div.
Answer

Few more points in addition to @Dark Falcon's answer,

  • You have more control on the design in case of an iframe. In case of javascript widget, the client's styling might conflict with the widget's styling.
  • iframe is better in terms of security (cookies stored are different).
  • Making a JavaScript widget needs more care and expertise as you need to ensure that the other JavaScript doesn't conflict yours'. (global vars etc...)

You can use a JavaScript that writes an iframe dynamically if you want to avoid someone from going directly to the URL.

Tags

Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us

©2020 All rights reserved.