# iframe

## Overview

The [\<iframe>](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe) tag is used to embed an HTML document in another HTML document. If the source of the inserted document is located on another origin, the same origin policy will block any access to the content of the other document for both of them.

## Open redirect

A child document can view and set its parent's `location` property (`top.window.location`), even when the parent is cross-origin.

For example, if `vulnerable-website.com` contains the following `iframe`:

```html
<iframe src=//malicious-website.com/toplevel.html></iframe>
```

where `https://malicious-website.com/toplevel.html` is:

```html
<html>
<head></head>
<body>
  <script>
    // Navigate the top-level (parent) document, not just the frame itself
    top.window.location = "https://malicious-website.com/pwned.html"
  </script>
</body>
</html>
```

then, when the `iframe` is loaded, the parent is redirected to `https://malicious-website.com/pwned.html`, even though the child document was loaded from a different origin. The same origin policy is bypassed here because the `iframe` is not "sandboxed"; see the [sandbox](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe) attribute of `iframe`.
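The weak embed beside its hardened form, as an added example (not from the original page). A `sandbox` attribute that omits the `allow-top-navigation` token stops the child from navigating `top`; `allow-scripts` keeps the child's JavaScript running:

```html
<!-- Weak: no sandbox, so the cross-origin child may navigate the top-level page -->
<iframe src="//malicious-website.com/toplevel.html"></iframe>

<!-- Hardened: sandboxed. Scripts still run inside the frame, but the
     allow-top-navigation token is absent, so an assignment to
     top.window.location in the child is refused by the browser. -->
<iframe sandbox="allow-scripts" src="//malicious-website.com/toplevel.html"></iframe>

<!-- If the embedded content legitimately needs to navigate the top page after a
     click, grant only the user-activation-gated token, not the unrestricted one. -->
<iframe sandbox="allow-scripts allow-top-navigation-by-user-activation"
        src="//malicious-website.com/toplevel.html"></iframe>
```

Avoid combining `allow-scripts` with `allow-same-origin` for content served from the embedding origin itself, since such a frame can remove its own `sandbox` attribute.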

References:

* [\<meta> and \<iframe> tags chained to SSRF](https://medium.com/@know.0nix/hunting-good-bugs-with-only-html-d8fd40d17b38)

