17 Jan
2008
17 Jan
'08
8:01 a.m.
Andreas Jung wrote: ...
Iframes are still a valid choice in case asynchronous won't work e.g. when you need to load resources from servers != your origin server. Due the security model of asynchronous requests, a browser will only load stuff from the origin server. Iframes are a way to work around this limitation - ugly as you said, but sometimes a good workaround.
Not only ugly but also a very security threat. Been there, seen a lot important sites fell on their noses when it comes to CSS* and friends. Better find another solution in such cases and allow users to disable support for iframes for better security. *) here: cross site scripting Regards Tino