Anybody can see it and change it. All user input, which always includes GET/POST/COOKIE data is always untrustworthy. > -----Original Message----- > From: Waynn Lue [mailto:waynnlue@xxxxxxxxx] > Sent: Friday, September 26, 2008 6:17 AM > To: PHP General list > Subject: Passing Variables to an iframe > > This may be more a general HTML question, so let me know if I should > post > somewhere else. > > I was hoping to do some logic in a script, and then pass the results of > that > script to an iframe for more processing. Is it secure to include those > variables as get parameters to the iframe, though? In other words, if > I > have something like this: > > <iframe src="http://example.com/?accesseverything=true";> > > where I use PHP to generate the src for the iframe. Could someone just > use > Firebug or something to set that variable? Is there a better way of > passing > it instead? > > Thanks, > Waynn _______________________________________________________ The information in this email or in any file attached hereto is intended only for the personal and confiden- tial use of the individual or entity to which it is addressed and may contain information that is propri- etary and confidential. If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited. This communica- tion is for information purposes only and should not be regarded as an offer to sell or as a solicitation of an offer to buy any financial product. Email trans- mission cannot be guaranteed to be secure or error- free. P6070214 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
