javascript - How do I counter iframe security problems? -

i heard there many security issues arise when use iframes. handle xss, else should make sure no problems happen?

i came across js codes use top.window, concern client-side code not reliable, else can server side? (i using php, awesome if solution generic)

update: make things clearer, using iframe, because don't want headers, menues etc.. refreshed every time. trying find way use iframe without falling security problems.

you set x-frame-options header deny. let browsers know if resource loaded via iframe don't display.

you can read more & configuring server send header @ mdn. also, in php can use

header("x-frame-options: deny")