An html validation err has me thinking about iframes a bit more deeply than ever before!
Here’s the err that’s got me going back to the basics and beyond!
'allow' is not a valid attribute of the <iframe> element.
- Granular control of feature policies sound powerful if used correctly!
- iframes expose an attack vector to the elements!!
- iframes look exactly like a hacker’s best friend!!!
Any thoughts are welcome!!! 