> -----Original Message----- > From: Waynn Lue [mailto:waynnlue@xxxxxxxxx] > Sent: Friday, September 26, 2008 6:17 AM > To: PHP General list > Subject: Passing Variables to an iframe > > This may be more a general HTML question, so let me know if I should > post > somewhere else. > > I was hoping to do some logic in a script, and then pass the results of > that > script to an iframe for more processing. Is it secure to include those > variables as get parameters to the iframe, though? In other words, if > I > have something like this: > > <iframe src="http://example.com/?accesseverything=true";> > > where I use PHP to generate the src for the iframe. Could someone just > use > Firebug or something to set that variable? Is there a better way of > passing > it instead? I'm still not fully awake yet, so I won't comment as to a "better way," but I'll say this: any properties of any DOM element you dish out to the user can be read and/or modified after they have been sent. If you have any filenames, URLs, or sensitive data that is used in processing--but *doesn't* need to be seen by the user or the client machine at any time--don't output it. :) Todd Boyd Web Programmer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
